There is more than one way of setting rules for anything, not just uTorrent. I agree with some posters here so I went with a simpler ruleset like Ragwing posted (similar to v2):
Allow outgoing TCP/UDP connections to ANY ANY
Allow incoming TCP/UDP connections to uTorrent’s listening port on ANY for my IP → Although yetanotherid’s idea on using hostname should work as well
Block all in & out connections
Pandy’s rules are more rigid, but more secure at the same time. Doesn’t matter to me though.
I decided to totally remove global rules since I like to view everything in one screen/tab. There is no security risk by doing this, provided that you know what additional rules your system requires to allow (as seen in my screenshot of System and Windows Operating System). It’s just another way of setting things up.
I did include the global rule. I decided to go for Ragwing’s rules simply because I was far too lazy to input pandalouk (sp?) for the millionth time (with the reinstall and uninstall). Plus it worked…
However, today seems to be a different story. When I started up utorrent today it seems to have difficulty logging in to dht which has caused the evil yellow triangle to show up again.
I know I port forwarded correctly; all rules in comodo are the same as yesterday. Definitely when I checked the port yesterday it was open. I’m completely at a loss… I’m beginning to wonder if it’s to do with utorrent itself more than anything else. I can understand why it would change from one day to the next…
P33gles: I don’t think it’s uTorrent. I’m using the latest stable 1.7.6. and before that was 1.6.1. I’m willing to bet it’s your CFP rules like if you didn’t use the ANY for the IP, it could be that your IP address was released & renewed by your ISP. Why not post screenshots?
The fastest (but not safest) test is to disable CFP and restart uTorrent to see if it’s the same.
I don’t know exactly how or when utorrent decides that it can receive incoming connections, but I’ve found it to be incredibly slow at times to acknowledge that it can.
I only installed Comodo about a week ago. Prior to that I wasn’t running a firewall on this computer at all, just using the router to hide behind, with port forwarding set up in that. I was also running utorrent 1.7.5 until I switched to 1.7.6 a few days ago. Anyway…
Even without a firewall, and therefore no way for incoming connections to be blocked, utorrent would often run torrents with its yellow icon showing. I’d check port forwarding via the Speed Guide and sure enough the port was being forwarded, but still no green tick. Usually the green tick would appear, sometimes immediately after running the port forwarding test, sometimes it’d happen a lot later, but I started thinking utorrent just wasn’t all that quick to update its icon. Version 1.7.6 seems to be a lot better for me, so maybe it’s a minor utorrent bug.
As has been asked, what happens if you shut the firewall down while utorrent is running? Does the green tick immediately appear? And if you have a global port forwarding rule setup (so any application can receive incoming connections via that port) does the Speed Guide’s port forwarding test pass or fail while utorrent is still “yellow”?
There’s an important difference between disabling and shutting down CFP:
Disabling - can be done lots of ways via the GUI or system tray icon > Firewall Security Level > Disabled. This is the same as lifting all your network firewall rules to “Allow All” connections in & out
Shutting - also lots of ways, but the official method is to right-click on the system tray icon and click Exit. When the firewall is closed, all incoming connections are blocked.
So if you shutdown CFP, you can test out uTorrent until the cows come home, but it won’t work because the listening port that requires incoming connections is blocked.
Yes you’re correct… almost.
I should have checked my “advice” before posting.
I just did a quick test though and if I may, would like to offer a minor correction of your correction of my post.
It seems that when you exit the firewall, it’s not that all incoming connections are blocked, rather everything remains “as was”. So yes if Comodo was blocking incoming connections, “exiting” won’t change that, but if it was already forwarding the port, that won’t change either.
Least that’s how it worked on my computer, but I guess you do need to check if the firewall is blocking the port by a method other than “exiting”.
AFAIK, it should be blocking all incoming connections just like v2 did – unless you already have an application running all this time like uTorrent with a port opened. That’s something I’ve never tried. Is it the same if you exit and restart uTorrent while CFP is closed?
I followed the guide and I’m having some problems. uTorrent is showing the connection is ok and it seems I can connect to others (although very limited numbers) however I’m having problems connecting to trackers - receiving the ‘offline (timed out)’ message. Looking at the firewall events window I’m seeing lots of incoming connections blocked, uTorrent connections from many IP’s/Ports all destined for my IP/open uTorrent port. When the firewall is disabled everything works fine. :-\
i hate having to come off looking complete green about torrents but …
i’ve been mucking around all day between my ISP, forward.com, uTorrent and Comodo tutorials until i finally found this forum.
i’m not having any luck getting a connection at all and i don’t have a clue why. it’s taking all the fun out of what i thought would be a fun discovery - torrents.
i’m running Win XP with SP2; Comodo 3; uTorrent 1.7.6 … i’ve followed this tutorial (I don’t know how much clearer you all can be without driving over here and doing it yourself) and created about 5 rules (6?) for uTorrent and i’ve triple-checked that all the recommended settings are enabled (or not) in uTorrent and Comodo.
if someone is feeling particularly patient, can you please draw me some pictures? i guess i’m dafter than i like to think.
just wanted to say I’m using pandlouk tutorial n it works very nice… one thing i want to clarify is… when i look at the firewall events i see some blocked connections…thats from the block rule right…?
I’m new to this whole firewall pc stuff…
also when i first launch utorrent, the firewall asked for the permission but it displayed port 5351 instead of the port i have utorrent set to .
is that right?
thanks
seems like different rules work for different folks.
there is absolutely no way the tutorial works for me in the accepted sense and my ports stay stealthed…i have to use a global rule for my utorrent port
It’s all very odd. I’m not saying you’re doing anything wrong but it’d be interesting to know why.
As an experiment I turned on Defense+ and cranked up all Comodo’s security levels. I then deleted all Comodo’s rules with the exception of the two application rules I created for utorrent and Comodo’s standard Global rules. I even deleted my local network and its associated rules. Then I rebooted the computer.
Once the PC finished rebooting and Comodo had finished bombarding me with security warnings every 10th of a second and everything had settled down again I started utorrent and the green tick appeared almost immediately. As an experiment I opened utorrent’s application rules and changed the incoming port forwarding rule to “block”. This resulted in utorrent complaining about not receiving incoming connections, so the firewall is obviously working as designed without any extra global port forwarding rule.
It’s all very strange. Maybe there’s a simple reason for some people needing a global rule that we’re all missing at the moment…
I’m still using the “host” as the destination in the utorrent “allow incoming” port forwarding rule, rather than an IP address etc. I haven’t tried changing it to an IP address to see if it makes a difference, but is anyone who needs to also add a global rule using “host” as the destination in the application port forwarding rule rather than an IP address?
Been using the rules in the first page and it works fine.
Recently I’ve been trying to add the safety net rule in global, “Block IP ANY to ANY”, but as I later discovered this is also denying something with utorrent that keeps it from going green (works fine if I dump the safety net). Does anyone know how to resolve this or am I just going to have to settle to removing the net whenever I use utorrent?
They are essentially the same for any p2p application. While the applications may have different individual configuration/setup, the process for creating rules is the same.
pandlouk, I was just looking at your rules for utorrent, and I must say I’m confused. Not by the rules, they are perfectly clear, but:
Do you have the global “block all…” rule? If you do, how can the utorrent receive inbound traffic? For the inbound traffic, the cfp first checks the global rules, and if all inbound is blocked, without opening a port for utorrent, it won’t function ???
In one of your posts you said to remove a global rule which opens a utorrent port for inbound (if I understood you correctly).
You said that this rule (Allow TCP/UDP IN from Any to Any source port:Any destination port:) would give permanent access at that port on all applications.
I disagree, because if any application other than utorrent would try to receive inbound tcp/udp on that port, the cfp would generate an alert. Even though this port is opened in global rules, it’s not opened for each and every application.
Please correct me if I’m wrong.
One more question. When using utorrent, I get a lot of log entries for blocked ICMP type 3. What should I do about it?
a) create a rule to block it but not log it (to keep my logs clean and reduce the disk activity)
b) allow it
c) ignore it
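
The evaluation order debated in the posts above (inbound traffic checked against the global rules first, then against the receiving application's rules), as an added example that is not part of the original thread and not Comodo's code. It is a simplified model: the port number, the executable names and the "no application rule means alert" behaviour are assumptions.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

PORT = 50000  # constructed listening port, not taken from the thread

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "block"
    protos: Tuple[str, ...]      # ("tcp", "udp"), or ("ip",) for any protocol
    dport: Optional[int] = None  # None = any destination port

    def matches(self, proto: str, dport: int) -> bool:
        proto_ok = "ip" in self.protos or proto in self.protos
        return proto_ok and self.dport in (None, dport)

def first_match(rules, proto, dport):
    """Return the action of the first matching rule, or None if none match."""
    return next((r.action for r in rules if r.matches(proto, dport)), None)

def inbound_verdict(global_rules, app_rules, app, proto, dport):
    # Stage 1: global rules. A block here ends evaluation for inbound traffic.
    if first_match(global_rules, proto, dport) == "block":
        return "blocked by global rule"
    # Stage 2: rules of the application that owns the listening socket.
    action = first_match(app_rules.get(app, ()), proto, dport)
    if action is None:
        return "alert"  # assumption: no application rule means the user is prompted
    return "allowed" if action == "allow" else "blocked by application rule"

# Application rules in the style of the thread: allow the listening port, block the rest.
APP_RULES = {"utorrent.exe": [Rule("allow", ("tcp", "udp"), PORT),
                              Rule("block", ("ip",))]}
SAFETY_NET = [Rule("block", ("ip",))]  # global "Block IP ANY to ANY"
PORT_THEN_NET = [Rule("allow", ("tcp", "udp"), PORT)] + SAFETY_NET

def demo():
    u = "utorrent.exe"
    return {
        "net only":   inbound_verdict(SAFETY_NET, APP_RULES, u, "tcp", PORT),
        "port + net": inbound_verdict(PORT_THEN_NET, APP_RULES, u, "tcp", PORT),
        "other app":  inbound_verdict(PORT_THEN_NET, APP_RULES, "other.exe", "tcp", PORT),
        "wrong port": inbound_verdict(PORT_THEN_NET, APP_RULES, u, "udp", PORT + 1),
        "icmp":       inbound_verdict(PORT_THEN_NET, APP_RULES, u, "icmp", 0),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:12} -> {verdict}")
```

Under this model a global safety net placed above any allow rule stops uTorrent's inbound traffic before its application rules are consulted, while a global allow for the port placed ahead of the net still leaves other applications subject to their own rules.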