Firewall blocks internet -.- [Resolved]

The firewall blocks all internet :-X

Its blocked when I turn on my pc and I have to swtich off the firewall and then, cmd ipconfig /release,/renew and then it works again for the most part. Restarting the switch also works stangley…

It only worked flawless once at a friends house and the only difference was that there he gave me an ip adress… at home I let the router give my pc the adress or something like that.

I´m running windows Xp pro SP2. Please help :slight_smile:

Welcome to the forums, Suicideer

What you describe sounds like a DHCP dynamic address assignment problem. It could be that CFP didn’t get configured to handle DHCP automatically.

To check that, I’ll need for you to post a screenshot of Global Rules (open CFP, click Firewall → Advanced, Network Security Policy, the Global Rules tab).

Maximize the window, then press alt-prntscrn to copy the window image to the Windows clipboard. Open Paint (Start → All Programs, Accessories, Paint), and then cntl-v to paste the image. Save as a JPG or GIF file. Then post here, and attach that file.

Once I see what your existing rules are, I can work out what changes are needed.

hope this is the correct one ^^

[attachment deleted by admin]

Yes, that is the correct one. Thank you.

It looks like you’re missing a rule. CFP normally handles the DHCP address assignment rules invisibly, but sometimes it misses. Yours seems to be such an occurance.

To fix that, we need to add a rule to your Global Rules. On that Global Rules window, click Add, and enter the following details:

Action: Allow
Protocol: UDP # select from the pull down menu
Direction: In/Out
Source Address: any
Destination Address: single IP: 255.255.255.255
Source Port: a port range: start 67 end 68
Destination Port: a port range: start 67 end 68

then Apply to create the rule.

This new rule will be positioned at the very bottom of the list in your Global Rules. Click on the rule to highlight it. Then click “Move Up” to reposition the rule until it is the very first rule in the Global Rules list. Then click Apply to put the rules into effect.

That should take care of the DHCP address assignment. So that means try it for a while, and see if the problem goes away. It should be gone.

That’s for an application rule. You should enter this new rule on the Global Rules, which are not application specific.

yes, just realized and deleted my post :stuck_out_tongue:

Ok, all done…we’ll see if it worked in about 30mintues ^^

Thank you anyways for you time (CLY)

seems to work (:LOV)

tyvm ;D

Good to hear!

I’ll leave this topic open for a day or so, in case something unexpected shows up. Then I’ll lock it for reference. If you need it re-opened after that, you can PM any of the moderators.

Topic reopened by request.

Suicideer, if you could run the Firewall Config Reporting Script (see the sticky topic at the top of the forum), and post the report here, it would give me an idea of that to look for in settings. Thanks.

the correct one?

[attachment deleted by admin]

Yes, that’s the correct report. Thank you.

Two changes to make:

First, is a very slight change to your Global Rule

Allow UDP In/Out From IP Any To IP [255.255.255.255] Where Source Port Is 67 And Destination Port Is 67

It needs to be this, instead:

Allow UDP In/Out From IP Any To IP [255.255.255.255] Where Source Port Is 67-68 And Destination Port Is 67-68

The difference is the ports listed. Currently you’ve got just a single port, 67. It should be a range of ports, starting at 67 and ending at 68.

The second thing is the more serious, and is what is causing the problem.

Presently, you have this:

Application 13: C:\WINDOWS\system32\svchost.exe Treat as: [Web Browser]

Now, svchost.exe is a great many things, but it is not a web browser. It needs to use a different set of predefined rules. Change it to “Outgoing Only”, and you should be all set.

oke done, but the first rule change is already 67-68 in the settings :o

You may have tripped a scripting bug, or not. To find out, I will need for you to dump a portion of your Windows registry.


cmd /k reg query "hklm\system\software\comodo\firewall pro\configurations\0\firewall\policy\global rules" /s > "%userprofile%\desktop\regdump.txt"

Click Start → Run, and then paste in the command from the code box above, then click OK. This will open a Windows command prompt window. If all goes properly, you will have a file regdump.txt on your desktop. If not, then the command window will have some error messages.

If you get some kind of error message in the command window, please make a screenshot of the window and post it here, so I can change what needs to be run.

If you would post that regdump.txt file here, it would help in trying to see why that port range did not not get reported properly. You can delete the regdump.txt file from your desktop after that.

Thanks.

just says “Cant find the search way”

I’m sorry, I don’t understand. Was this the error message in the command prompt window, or the contents of the file on your desktop, or something else entirely?

Did you copy/paste the entire, very long, command from the code box into the Start → Run command entry?

yes, and the cmd answer was cant find…

Okay. Strange, but still that is what it is.

So, we’ll go at this the hard way, using regedit.

Click Start → Run, and enter “regedit”.

Navigate to this key: “hklm\system\software\comodo\firewall pro\configurations\0\firewall\policy\global rules”

Click on “global rules” to expand the tree. Then click on the top toolbar File → Export.

Give some file name in some folder somewhere. The “save as” type is Win9x/NT4 registry files. This is a text format dump with key and value in a format that can viewed in Notepad.

Then post that file here so we can see what the registry details are, and try and figure out why the script reported what it did.

If you have some difficulty in navigating the registry path, that will be a different problem. How to proceed from point depends on the difficulty encountered.

cant upload .reg files at the forums

Try renaming the file as a txt file. Check that it is a txt file by opening it in Notepad. Then you can attach the file to a posting here.