Firewall Events blocked even with Global rules

Could someone please do me the favor of a quick theory on whats going on here.

I’m running ICS and Comodo right now while figuring out what router to buy or if I want to make a pfsense router.

The first problem is odd. I have a computer on static IP 192.168.0.15 and as far as I can tell I have to allow UDP access via port 53 for DNS. I have two computers. I made identical MAC source rules to allow UDP IN (since they are from ICS). Originally the firewall simply popped up a message saying 0.15 wanted UDP and I allowed it, once I realized DNS doesn’t work otherwise. YET it seems to randomly ignore this rule and stop 0.15. I can go to Firewall Events and see it blocking 0.15 and then I go to rules and under SVCHOST and it’s set to allow UDP IN from SOURCE 0.15 to any DESTINATION and PORTS. Also to make it odd… I can fix it by simply setting the firewall to disable, which allows the 0.15 computer to surf and then set it right back to custom… which oddly doesn’t go back to blocking. That almost seems like a bug to me since there seems to be NO WAY the firewall should block something, then work when set disable and then continue to work

So basically how can it be blocking me when the rule says to allow it ? I also tried setting a global rule to ALLOW any TCP or UDP IN or OUT to that IP. Yet Firewall Events shows it being blocked. (this is where i wish Firewall Events would show me WHAT RULE is blocking that event). I don’t have a lot of rules as I just setup this system from a fresh install yesterday and it only routers, surfs and plays second life. The other system on ICS however doesn’t lose it’s connection. It’s almost as if the 0.15 computer just times out and the firewall decides to block it.

Second problem is similar. I set a global rule to try to not block the incoming Utorrent connections (utorrent is on the other ICS computer 192.168.0.24). I have just two global rules, the ICMP rule it comes with and a rule to ALLOW TCP IN from ANY source if the destination port is my utorrent port.

I have successfully setup ICS port forwarding before. However I don’t think that matters as the firewall event monitor clearly shows it being blocked.

I also tried making this rule under the SYSTEM process and SVCHOST process before I found the global rules. I realize the rules go from top to bottom, as I said I don’t have many rules.

I looked up the rules but most seem to be based on utorrent being on the PC with the firewall.

I have also firewall behavior alert set to HIGH, but I’m surprised that I’m not getting many alter as I’m more or less constantly spammed by incoming utorrent connections that are considered intrusions.

There are no events in Defense+ if that matters, though I don’t think it would for a program running on a remote PC.

The setting to disable and then back to custom to make the 0.15 computer surf is really mind boggling.

Hi moejama

Mind boggling indeed. I’m confused as well. :slight_smile: Can you post screen shots of the Firewall Log block entry, global rules & the Network Zone definition of you LAN if possible, thanks.

edit: Of course, I recommend you turn the alert level down a notch, or two… unless you want to be alerted to every random port that somebody uses in a torrent? :slight_smile:

edit2: What I should have said: HIGH? Noo… you’ll injure your clicking finger! ;D

Likely I’m misunderstanding how you have things set up. Do you have two PC’s, or three? Standard WINXP ICS has a host PC at 192.168.0.1, with user client PC’s on the 192.168.0.x LAN. You’ve identified two client machines, one at 0.15 and one at 0.24. Your description leads me to think that the 0.15 machine is the ICS host, and not an 0.1 standard host address. That’s why I ask about how many machines there are.

Another question, is which machine(s) are running CFP?

Aside from Kail’s request for screenshots, could you run the CFP Config Reporting Script that is referenced in one of the sticky posts at the top of this forum? It will generate a txt file that you can post here, that will give a very concise description of what all the CFP settings are.