Firewall Questions -- Need Answers

Ever since I installed CIS 4 Free, I’ve noticed that Comodo Firewall blocks all inbound traffic for uTorrent. I must also note that most (perhaps even all) of the originating IPs are not traceable through whois, traceroute and nslookup.

I neither feel nor see anything unusual with uTorrent (download and upload speeds seem normal), but I wonder why Comodo decides to block all that traffic. Could someone please shed some light on this?

Additionally, the log viewer’s export functionality does not seem to work here; it simply gives me an HTML file with some headers and an empty table (see attachment). Is this a known issue or have I done something awfully wrong?

My setup:

Windows XP Pro with SP3
Comodo Internet Security Free 4.0.141842.828
Signature version 4832
Active configuration: COMODO - Proactive Security
uTorrent version 2.0.1 build 19248

Thanks for dropping by.

P.S.:
Due to forum restrictions, I had to rename the log file’s extension to .htm.log.

[attachment deleted by admin]

Read the following tutorial I made on how to open a port. Substitute the port number and protocol for your situation.

To open the port TCP 1723 for example

First step is to determine the MAC or Physical address of your network connector. Go to Start → Run → cmd → enter → a black box will show up; enter the following → ipconfig /all (notice the space before /all) → enter → now look up the Physical address and write it down.

Notice that Physical address = MAC address

Firewall → Advanced → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port

Source address: Any
Destination Address: Choose MAC address and fill in the found MAC/Physical address
Source Port: Any
Destination Port: 1723

Then push Apply → Now make sure that the new rule is somewhere above the basic block rule(s) at the bottom (the block rules have red icons); you can drag and drop the rules → Ok.

Thank you for posting the tutorial. I have further questions, if you don’t mind.

  1. Why should the rule be created in Global Rules and not in Application Rules?

The reason I ask is that my log is full of blocked inbound breach attempts from and to numerous unprivileged ports directed at Windows Operating System. Wouldn’t it pose a security risk to open unprivileged ports under Global Rules?

  2. I use File and Printer Sharing a lot (mainly file sharing) in peer-to-peer mode over Ethernet and sometimes over WiFi (Ad-Hoc mode), and I find that it takes significantly longer for both machines to see and access each other’s shares when Comodo Firewall is on. Upon further investigation, I think the problem stems from the Firewall blocking inbound TCP connections directed at Windows Operating System on port 80. Hence, I created a global rule to allow inbound TCP connections on port 80 for local machines using an IP mask (192.168.0.1/255.255.255.0), but that doesn’t seem to fix the problem – the log still shows the connections are blocked. So what is the surefire way to unblock the port?

  3. The second question in my original post is still unanswered, so perhaps I should rephrase it. Is the export function in Log Viewer meant to be available to free users, or is it for licensed users only?

  1. Incoming traffic first goes through Global Rules. When it is unsolicited incoming traffic it will be blocked by default; that’s why you need to punch holes on required ports. After that the incoming traffic will be handled by the application rule for the listening application. That is how the firewall is built; incoming traffic first goes through Global Rules and then through Application Rules. Outgoing traffic first goes through Application Rules and then through Global Rules.

The new default Global Rules for the Firewall are default stealth. That means all unsolicited incoming traffic will be blocked unless allowed with a rule in Global Rules. This default block can fill up the logs quite a bit, as you have noticed.

2. For file and printer sharing it is best to make your local network a trusted network using the Stealth Ports Wizard:
First look up your IP address and subnet mask. In Windows go to Start → Run → cmd → enter → ipconfig → enter → now lookup your IP address and subnet mask.

Second create a zone in My Network Zones (Firewall → Advanced → Network Security policy). Choose Add → A New Network Zone → fill in a name like My local network → Apply. Now select My Local Network Zone → Add → A new address → choose An IP Address Mask → fill in your local IP something like 192.168.1.x usually and your subnet mask; usually 255.255.255.0 → Apply. Now check and see the new network defined. Exit using Apply.

Now we are going to use the Stealth Ports Wizard to make your local network a trusted network (Firewall → Common Tasks):
Choose “Define a new trusted network and stealth my ports to EVERYONE else” → Next → choose “I would like to trust an existing My Network Zone” → choose your local network zone from the drop down box at the bottom → Finish.

Now check your Global Rules and see your network added.

Does this work better for you?

  3. The export function of the log is for all users. The only difference between the Free and the paid versions is the extra services the paid users get. The program is the same for free and paid users.
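To make the two points above concrete (inbound traffic passes Global Rules first and then the application's rules, and an allow must sit above the block rule to have any effect), here is an added toy model of that evaluation order. It is an illustration written for this thread, not Comodo's code: the rule fields mirror the ones named in the port-opening tutorial and the network zone uses the IP/mask form from the zone steps. The default of "nothing matched means block" and the per-application rule sets are assumptions of the model; it also goes slightly beyond the thread by showing a zone made of two individual hosts instead of a whole /24. The packets are constructed sample input.

```python
# Added illustration (not Comodo's code): a toy model of the two-layer rule
# evaluation described in the answer above, so the effect of rule order and
# of a zone-scoped allow can be checked on constructed packets.
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class Packet:
    direction: str   # "in" (unsolicited inbound) or "out"
    protocol: str    # "tcp" or "udp"
    src_ip: str
    dst_port: int
    app: str         # application owning the local socket (assumed name)


@dataclass
class Rule:
    action: str                      # "allow" or "block"
    protocol: str = "any"
    direction: str = "any"
    sources: List[str] = field(default_factory=lambda: ["any"])  # "any" or CIDR list
    dst_port: str = "any"            # "any" or a port number as text
    description: str = ""

    def matches(self, pkt: Packet) -> bool:
        if self.protocol != "any" and self.protocol != pkt.protocol:
            return False
        if self.direction != "any" and self.direction != pkt.direction:
            return False
        if self.dst_port != "any" and int(self.dst_port) != pkt.dst_port:
            return False
        if "any" in self.sources:
            return True
        src = ipaddress.ip_address(pkt.src_ip)
        return any(src in ipaddress.ip_network(n, strict=False) for n in self.sources)


def first_match(rules: List[Rule], pkt: Packet) -> str:
    """Top-down, first matching rule wins. A packet matching nothing is treated
    as blocked (assumption standing in for the default for unsolicited traffic)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"


def evaluate(global_rules: List[Rule], app_rules: Dict[str, List[Rule]], pkt: Packet) -> str:
    """Inbound: Global Rules first, then the listening app's rules.
    Outbound: the app's rules first, then Global Rules. Every layer must allow."""
    per_app = app_rules.get(pkt.app, [])
    layers = [global_rules, per_app] if pkt.direction == "in" else [per_app, global_rules]
    for layer in layers:
        if first_match(layer, pkt) == "block":
            return "block"
    return "allow"


# Rules in the shape the tutorial describes (descriptions are constructed).
BLOCK_ALL_IN = Rule("block", direction="in", description="default stealth: block unsolicited incoming")
OPEN_1723 = Rule("allow", protocol="tcp", direction="in", dst_port="1723", description="Incoming Port")
TRUST_LAN = Rule("allow", direction="in", sources=["192.168.0.0/24"], description="trusted zone: My local network")
TRUST_TWO_HOSTS = Rule("allow", direction="in", sources=["192.168.0.1/32", "192.168.0.2/32"],
                       description="trusted zone limited to the two hosts in use")

# Assumed application rule sets; one app allows everything, one blocks inbound.
APP_RULES = {"utorrent.exe": [Rule("allow")], "system": [Rule("allow")],
             "locked.exe": [Rule("block", direction="in")]}

# Constructed sample packets (203.0.113.0/24 is documentation address space).
FROM_INTERNET_1723 = Packet("in", "tcp", "203.0.113.9", 1723, "utorrent.exe")
FROM_INTERNET_80 = Packet("in", "tcp", "203.0.113.9", 80, "system")
FROM_LAN_HOST2 = Packet("in", "tcp", "192.168.0.2", 80, "system")
FROM_LAN_HOST77 = Packet("in", "tcp", "192.168.0.77", 80, "system")
TO_LOCKED_APP = Packet("in", "tcp", "203.0.113.9", 1723, "locked.exe")


def scenarios() -> Dict[str, str]:
    """Each entry is one situation from the thread and the verdict the model gives."""
    return {
        "default stealth, port 1723 from the internet": evaluate([BLOCK_ALL_IN], APP_RULES, FROM_INTERNET_1723),
        "allow rule placed above the block": evaluate([OPEN_1723, BLOCK_ALL_IN], APP_RULES, FROM_INTERNET_1723),
        "allow rule placed below the block (no effect)": evaluate([BLOCK_ALL_IN, OPEN_1723], APP_RULES, FROM_INTERNET_1723),
        "global allow, but the app's own rule blocks": evaluate([OPEN_1723, BLOCK_ALL_IN], APP_RULES, TO_LOCKED_APP),
        "trusted LAN zone, share access from 192.168.0.2": evaluate([TRUST_LAN, BLOCK_ALL_IN], APP_RULES, FROM_LAN_HOST2),
        "trusted LAN zone, same port from the internet": evaluate([TRUST_LAN, BLOCK_ALL_IN], APP_RULES, FROM_INTERNET_80),
        "zone of two hosts, unknown LAN address": evaluate([TRUST_TWO_HOSTS, BLOCK_ALL_IN], APP_RULES, FROM_LAN_HOST77),
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{verdict:5}  {name}")
```

The last three scenarios are the point of the zone approach: a zone-scoped allow opens the shares to the addresses you define and nothing else, whereas an "Any" source on an opened port is reachable from everywhere, which is the risk the question about unprivileged ports under Global Rules is getting at.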
1. Incoming traffic first goes through Global Rules. When it is unsolicited incoming traffic it will be blocked by default; that's why you need to punch holes on required ports. After that the incoming traffic will be handled by the application rule for the listening application. That is how the firewall is built; incoming traffic first goes through Global Rules and then through Application Rules. Outgoing traffic first goes through Application Rules and then through Global Rules.

The new default Global Rules for the Firewall are default stealth. That means all unsolicited incoming traffic will be blocked unless allowed with a rule in Global Rules. This default block can fill up the logs quite a bit, as you have noticed.


Ah… Understood.

2. For file and printer sharing it is best to make your local network a trusted network using the Stealth Ports Wizard: First look up your IP address and subnet mask. In Windows go to Start → Run → cmd → enter → ipconfig → enter → now lookup your IP address and subnet mask.

Second create a zone in My Network Zones (Firewall → Advanced → Network Security policy). Choose Add → A New Network Zone → fill in a name like My local network → Apply. Now select My Local Network Zone → Add → A new address → choose An IP Address Mask → fill in your local IP something like 192.168.1.x usually and your subnet mask; usually 255.255.255.0 → Apply. Now check and see the new network defined. Exit using Apply.

Now we are going to use the Stealth Ports Wizard to make your local network a trusted network (Firewall → Common Tasks):
Choose “Define a new trusted network and stealth my ports to EVERYONE else” → Next → choose “I would like to trust an existing My Network Zone” → choose your local network zone from the drop down box at the bottom → Finish.

Now check your Global Rules and see your network added.

Does this work better for you?


So far so good, shares initialization has been considerably faster now.

But I wondered whether the same setting is safe for Internet Connection Sharing (ICS) as well?
I rarely need ICS, but I do use it once in a while especially over WiFi. My desktop always acts as the server (192.168.0.1/255.255.255.0) and the laptop as client (192.168.0.2/255.255.255.0).

3. The export function of the log is for all users. The only difference between the Free and the paid versions is the extra services the paid users get. The program is the same for free and paid users.
That's good. So there must be a bug in the Log Viewer, since I'm still getting a blank table in exported log files.

Sorry for throwing in lots of dumb questions, but it’s hard to link what the user guide says to my situation, mainly because I’m 54 and I never had to deal with this type of affair back in my early days.

Your help has been invaluable to this 54 year old dude. Thank you, EricJH. :slight_smile:

Hi! I am new to Comodo Firewall, and I have a question.
I ran the CLT test against Comodo Firewall and the only item reported as Vulnerable is Coat (25. Impersonation: Coat Vulnerable).

Does anyone know how to configure settings to fix this? Thanks :-TU

With ICS you can decide to define the trusted zone only as the set of IP addresses being used and not the whole range.

So there must be a bug in the Log Viewer, since I'm still getting a blank table in exported log files.
Logging never quite functioned properly for me. I guess there is some work for the devs here.
Sorry for throwing in lots of dumb questions, but it's hard to link what the user guide says to my situation, mainly because I'm 54 and I never had to deal with this type of affair back in my early days.

Your help has been invaluable to this 54 year old dude. Thank you, EricJH. :slight_smile:

Glad I could be of help. It never hurts to ask and other people may learn from it as well.