Filezilla still being blocked

I’m running Filezilla client with Filezilla.exe set as a Trusted Application. All incoming connections from the server are logged as blocked. I cannot even get a remote directory listing (List -a results in Error: Timeout). If I switch Comodo to Disabled, all is fine.

I cannot find a way to allow the incoming passive FTP connection, even though it appears the trusted application setting is permitting all incoming. Could it be because the passive connection means the incoming connection is via a different port?

What are the correct settings for Filezilla???

See the discussion at . There is a missing rule in the FTP Client ruleset to allow Passive FTP, and you may also have a misplaced global rule.
What is your OS and Comodo version? I have Filezilla running for both active and passive ftp with no problems.

What rules are you actually using for Filezilla?
And what are your global rules?

For passive FTP, all connections are initiated by the client, and are outgoing. See Active FTP vs. Passive FTP, a Definitive Explanation for more than you ever wanted to know about ftp. :wink:

I’m running Filezilla with it set as a trusted application, which allows all, rather than as an FTP client, so the TCP incoming should be allowed, no?

OS is XP SP2, Chatzilla is

In Global settings, if I delete the “Block and Log” rule from the bottom, below my “safe” LAN rules, it works fine. I’m concerned that turning off this will simply leave the firewall open for applications not otherwise having rules. Is this correct?

Strange, my Filezilla works fine.
Set as FTP Client in the firewall.

Even in passive mode…

I changed from FTP client to ALL, due to the missing TCP commands, discussed elsewhere. Only removing the Block and Log global rule allowed it to work.

BTW the above mention of Chatzilla should be the Comodo version :slight_smile:

LuckyS, what is your OS and Comodo version? I verified that the latest ruleset I have for FTP Client doesn’t allow passive FTP (connects only to port 21), but please check what yours says. The update may have fixed it in the definition of safe programs?

Windows XP Home

Now what the heck?
I have checked the rules for Filezilla… The last thing I did was to set it to “Treat as FTP Client” with remember. No rules before specified.
And what do I see? 2 pages of rules for random ports (because of passive I think), an “allow all” rule, a rule for TCP and Port 21 and a rule for UDP and Port 53 (DNS?)

Now where is that coming from?
Is that because I am set to “Train with safe mode”?

The FTP client policy is for active FTP and requires a global rule to work (allow TCP in where source is 20).
Passive FTP needs the Outgoing Only policy.

There seem to be some anomalies in how Comodo adds in rules for safe applications, differently in .13 vs .14. And I am beginning to think there is a difference between XP and Vista. When I use a new program that requires network access, Comodo generates an “allow all out” rule for it and puts it in the Network Security Policies. That’s it: no block rule, no repeated rules. I then edit it to be a web browser, email client, FTP client, etc. as necessary, and add the appropriate block all as necessary. This is not the behavior I got with 3.0.13, where Comodo added a more focused ruleset including a block and log for each application. In my review of 3.0.14 under the main thread, I pointed this out as an issue, in that from a security and maintenance point of view it seems like an undesirable answer. See;msg113604#msg113604 for comments and picture of the initial 3.0.14 generated ruleset. I imported my custom settings from 3.0.13 and use them instead, including a “block all and log” as the last rule for each application.

For Filezilla, I would get rid of all the extra rules and use the basic rules for ftp:
Allow all TCP out to port 21
Allow port 20 in (active)
Allow all TCP out (passive)
Allow DNS out
Block and log all else

And I suggest you submit the multiple rules as a bug; I don’t have quite the same ruleset issues under Vista. I don’t know whether the “allow all TCP out” I get is a bug or not; as my writeup states, the installation reboot wiped out the global rules and I have nothing but secondhand information on them. The global “block all and log” might be the current approach by Comodo? But I will submit it as a bug anyway.
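An added example, not part of the thread and not Comodo's own rule engine: a minimal first-match rule evaluator that compares a port-21-only ruleset (as one poster reports for the FTP Client policy) with the five basic FTP rules suggested above. The names `Conn`, `Rule`, `decide` and `evaluate`, the first-match ordering, and every ephemeral port number are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    direction: str  # "out" = opened by the FTP client, "in" = opened by the server
    proto: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str
    direction: str
    proto: str
    src_port: int = 0  # 0 matches any port
    dst_port: int = 0

    def matches(self, c):
        return (self.direction == c.direction and self.proto == c.proto
                and self.src_port in (0, c.src_port)
                and self.dst_port in (0, c.dst_port))

def decide(rules, conn):
    # First matching rule wins; anything unmatched hits "block and log all else".
    for rule in rules:
        if rule.matches(conn):
            return rule.action
    return "block+log"

# Port-21-only ruleset: control channel and DNS, nothing for the data channel.
PORT21_ONLY = [Rule("allow", "out", "tcp", dst_port=21),
               Rule("allow", "out", "udp", dst_port=53)]
# The basic rules suggested in the thread; the fifth is the catch-all in decide().
BASIC_FTP = [Rule("allow", "out", "tcp", dst_port=21),
             Rule("allow", "in", "tcp", src_port=20),
             Rule("allow", "out", "tcp"),
             Rule("allow", "out", "udp", dst_port=53)]

# Constructed sample connections; the high port numbers are made up.
SAMPLES = {
    "control":      Conn("out", "tcp", 50000, 21),
    "passive data": Conn("out", "tcp", 50001, 51234),
    "active data":  Conn("in", "tcp", 20, 50002),
    "dns":          Conn("out", "udp", 50003, 53),
    "unsolicited":  Conn("in", "tcp", 40000, 50004),
}

def evaluate(rules):
    return {name: decide(rules, conn) for name, conn in SAMPLES.items()}
```

Calling `evaluate(PORT21_ONLY)` shows the control channel allowed while both data channels are blocked and logged; `evaluate(BASIC_FTP)` allows both FTP modes and still blocks the unsolicited inbound connection.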