Firewall Blocks DHCP I get 169.254.x.y

Can I give my MAC address in place of a trusted zone?

I am using a Ruckus MM2211 wifi modem to get the IP from the DHCP server. Whenever I try to access the I’ll get an IP like 169.254. ., could anyone guide me…?


Please read this FAQ here and see if that helps fix the issue.

Hi Ronny

Thank you very much for the help article on DHCP.

Now I created a global rule to get the DHCP IP and got it… but here, what IP should I use to mention the trusted zone (169.254.x.y), or the new DHCP IP, or the default gateway, or the DNS servers' address, or my MAC address… or is there no need of a trusted zone?

There is only need for trusted zone(s) if there are more devices in your network than just your PC and router/modem.

Trusted zone creates access for ALL devices in your local Network so a trusted zone for 192.168.1 will allow all the devices to access all the ports on your PC where you are running CIS.

As long as there are no other systems in your LAN “using” anything on your system there is no need for a trusted zone (e.g. file & printer sharing).

OK Ronny

As mine is the only system connected to the internet, I disabled the IPv6 and file & printer sharing options, and I also removed TeamViewer, RealVNC… from the Comodo trusted vendors to observe the traffic and see whether any outsider is connecting to me… I still need to tighten up some application rules…

Thank you very much for your guidance in everything…

No problem, if you have more questions feel free to ask.

Hi Ronny

I'm trying to create some rules and I found the below mentioned rule in a post, where the user has no need of a DHCP IP, but I get my IP from the DHCP server through a wifi modem and I'm also the only one connected to the net. Could you please tell me what could be the local host of mine…?

Allow TCP or UDP In or Out from NAME: ( to NAME: localhost ( where source port is [Any] and destination port is [any]. (Loopback rule)

Can you please explain a bit more what you're trying to accomplish?

Hi Ronny

I want to be secure and I'm also trying to learn and implement various techniques and tips given by you and all the other security experts in this forum… that's all

Well in regards to the localhost traffic ( I’d suggest the following setup.

Create a new group on the applications policy (Add, Select, File Groups, All Applications).
This will create rules for all applications, put it on top of all other rules and add the following.

Allow, UDP out, Src=Any Src port=Any, Dst=, Dst port range 1024 - 65535.

This will make a good bunch of application rules redundant, so verify them for duplicate entries matching the above and remove them…

There is no need to allow incoming traffic to I have never seen such a rule in action…

Thank you, Ronny

I will do what you’ve suggested. Actually, I found the above rule in one of the old forums, given by some security expert P2u:,

Please go through that once. As you said you haven’t seen such a type of rule, I attached the link above…

Hope you will help me after going through that rules link… OK