Hello everyone,
I have a concern with the Comodo Firewall blocking some of my rules…
I have set up 2 allow rules:
Allow In TCP from_ip:any port_from:any to_ip:any to_port:22
Allow In UDP from_ip:208.65.240.142 port_from:5060 to_ip:any to_port:any
These are basically to allow incoming SIP and SFTP to my laptop…
I set up the rules, I reboot and Comodo keeps on blocking them…
Log sample few minutes after setting up the rules:
Windows Operating System Blocked In TCP 64.86.141.133 51735 174.91.228.9 22
Windows Operating System Blocked In UDP 208.65.240.142 5060 174.91.228.9 62527
Can anyone explain this one to me?!?!?
Thx
To access servers through the firewall, in addition to any Application rules you may have created, you’ll also have to create Global rules to allow the inbound traffic. For example:
Open the Comodo control panel and select Network Security Policy. Open Global rules and add the following:
Action - Allow
Protocol - TCP
Direction - IN
Source Address - (enter whatever you need here)
Destination Address - ANY (you may also use the MAC address)
Source Port - (enter whatever you need here)
Destination Port - 22
Repeat for any additional server rules. (This only applies to applications or services that need explicit inbound rules; you do not need inbound rules for normal Internet activity.)
Remember, rules are hierarchical, that is, they are read from the top down, so place any allow rules before any block rules.
Isn’t that exactly what you want me to do? These are two Global Rules created in Network Security Policy according to what you describe!
Seems like adding “Windows Operating system” as a trusted application seems to do the job…
Windows Operating System is a pseudo process; its nearest analogue would be System Idle Process. This process steps in when there is no ‘real’ process or application to intercept inbound requests.
You stated the rule does not survive a reboot. Are those applications stored on an external storage device (USB HD, USB flash drive, etc.) or an encrypted partition? CIS does not trust files stored on external (mounted) devices because they cannot be continuously monitored and are forgotten after a reboot.
I do not advise giving the WOS trusted application rights. If editing the WOS rule is the only way to go on your system then you need to make a custom rule; that would be the same rule as you made in Global Rules.
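Added example, not part of the original thread and not Comodo's own code: a simplified model of the evaluation the replies above describe, run against the two packets from the posted log. It assumes an inbound packet must be allowed by the Global rules and then by the rules of the receiving application (here the Windows Operating System pseudo process), that each list is read top-down with the first match deciding, and that an unmatched packet is blocked; all class and function names are hypothetical.

```python
from dataclasses import dataclass

ANY = None  # wildcard for an address or port field


@dataclass
class Rule:
    action: str            # "allow" or "block"
    proto: str             # "TCP" or "UDP"
    src: object = ANY      # source address
    sport: object = ANY    # source port
    dport: object = ANY    # destination port

    def matches(self, pkt):
        proto, src, sport, dport = pkt
        return (self.proto == proto
                and self.src in (ANY, src)
                and self.sport in (ANY, sport)
                and self.dport in (ANY, dport))


def first_match(rules, pkt, default="block"):
    """Top-down evaluation: the first matching rule decides."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default  # assumption: unmatched inbound traffic is blocked


def inbound_verdict(global_rules, app_rules, pkt):
    """Assumed model: Global rules first, then the receiving application's rules."""
    if first_match(global_rules, pkt) != "allow":
        return "blocked by global rules"
    if first_match(app_rules, pkt) != "allow":
        return "blocked by application rules"
    return "allowed"


# The two Global rules from the first post.
GLOBAL = [Rule("allow", "TCP", dport=22),
          Rule("allow", "UDP", src="208.65.240.142", sport=5060)]
WOS_DEFAULT = []            # constructed: WOS has no matching allow rule
WOS_CUSTOM = list(GLOBAL)   # custom WOS rule mirroring the Global rules
# (proto, source address, source port, destination port) from the posted log.
LOGGED = [("TCP", "64.86.141.133", 51735, 22),
          ("UDP", "208.65.240.142", 5060, 62527)]

if __name__ == "__main__":
    for name, app in (("default WOS", WOS_DEFAULT), ("custom WOS", WOS_CUSTOM)):
        for pkt in LOGGED:
            print(name, pkt, "->", inbound_verdict(GLOBAL, app, pkt))
```

Under this model the Global rules alone leave both logged packets blocked at the application layer, while a custom WOS rule that mirrors them admits only those two flows instead of trusting WOS for everything.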
The rule is still showing after a reboot. It simply doesn't apply.
That laptop is set up as the external gateway for my network (ICS). WOS is the “process” used for most applications inside my network going towards the web.
I set it to allow all outgoing and I monitor to see which I let in (21,22,990,443,etc).
Works like a charm
That’s what I forgot to mention in my previous reply. The rule will be there but after a reboot or reconnecting the devices it will not be followed.