Firewall blocking allow rules...

Hello everyone,

I have a concern with the Comodo Firewall blocking some of my rules…

I have setup 2 allow rules:
Allow In TCP from_ip:any port_from:any to_ip:any to_port:22
Allow In UDP from_ip: port_from:5060 to_ip:any to_port:any

These are basically to allow incoming SIP and SFTP to my laptop…
I set up the rules, I reboot and comodo keeps on blocking them…

Log sample few minutes after setting up the rules:
Windows Operating System Blocked In TCP 51735 22
Windows Operating System Blocked In UDP 5060 62527

Can anyone explain this one to me?!?!?


To access servers through the firewall, in addition to any Application rules you may have created, you’ll also have to create Global rules to allow the inbound traffic. For example:

Open the Comodo control panel and select Network Security Policy. Open Global rules and add the following:

Action - Allow
Protocol - TCP
Direction - IN
Source Address - (enter whatever you need here)
Destination Address - ANY (you may also use the MAC address)
Source Port - (enter whatever you need here)
Destination Port - 22

Repeat for any additional server rules (This only applies for applications or services that need explicit inbound rules, you do not need inbound rules for normal Internet activity)

Remember, rules hierarchical, that is they are read from the top down, so place any allow rules before any block rules.

Isn’t that exacty what you want me to do? These are two Global Rules created in Network Security Policy according to what you describe!

Seems like adding “Windows Operating system” as a trusted application seems to do the job…

Windows Operating System is a pseudo process, it’s nearest analogue would be System Idle Process. This process steps in when there is no ‘real’ process or application to intercept inbound requests.

You stated the rule does not survive a reboot. Are those applications stored on an external storage device (USB HD, USB Flahs driver, etc), encrypted partition? CIS does not trust files stored on external (mounted) devices because they cannot be continuously monitored and are forgotten after a reboot.

I do not advice to give the WOS trusted application rights. If editing the WOS rule is the only way to go on your system then you need to make a custom rule; that would be the same rule as you made in Global Rules

The rule is still showing after a reboot. It simply doesnt apply.

That laptop is a setup a the external gateway for my network (ICS). WOS is the “process” used for most application inside my network goinf towards the web.
I set it to allow all outgoing and I monitor to see which I let in (21,22,990,443,etc).

Works like a charm :slight_smile:

That’s what I forgot to mention in my previous reply. The rule will be there but after a reboot or reconnecting the devices it will not be followed.