Global rules problem

Hey everybody,
After searching and reading a lot around the forum, I still could not answer my question, so I decided to make a topic myself.
I have a problem with Comodo Firewall v3.5. I’m using XP SP3 Professional without any other security programs. I have a built-in network card and an Intel 5100AGN wireless card with the latest drivers properly installed.
These are my global rules (the numbers are the IDs):

0	block + log ip in 	source address: any, destination address: any 	ip details: any
1	allow tcp/udp out	source address: any, destination address: any	sourceport: any, destinationport: any
2	allow tcp/udp in	source address: any, destination address: any	sourceport: any, destinationport: 4000-4010 portset
3	allow ip in 		source address: lan, destination address: any	ip details: any
4	allow tcp/udp in	source address: any, destination address: lan 	sourceport: any, destinationport: msn port set

‘lan’ is a network zone with a range from till. Programs I trust are given the ‘trusted application’ rights, others are blocked or are given outgoing only. My PCs at home get an IP in the 192.168.1.x range. This all works well, no problems at all. But when I use my laptop’s wireless outdoors I get a problem. For example, when I use the wireless at my school I get an IP in the 145.x.x.x range. My laptop gets the IP without a problem, but after that all communication is blocked by Comodo. When I disable Comodo all my internet traffic gets going again. I have this problem on any wireless network. I uploaded a part of my firewall log to:

I’ve got two questions:

  1. Are my global rules causing this problem, and if so what can I do to correct it?
  2. Is the way I use my global rules and program rights, as I described, safe?

I have quite some knowledge of computers, so you don’t have to explain basic things to me (just to save you guys time :P). I hope someone can help me with this, thanks in advance!

I can’t understand why you are able to work anywhere! “Block+Log IP IN ANY ANY ANY” - first Rule and should BLOCK EVERYTHING!!! - sorry, too fast an overview from my side =)
Anyway, Rule #3 is overtaken by Rule #0. So Rule #3 is never applied to any traffic! Also #2 and #4!
So I suggest you check your vision of creating and ordering Rules.

But also Rule #1 should work (no matter home, school, or any WiFi spot =) ), so I can’t understand this strange behaviour.

p.s. Sorry for my bad English

I think you see the rules in the wrong order: rule 0 is the one that’s at the bottom in Comodo, rule 1 is above rule 0, rule 2 above rule 1 and so forth.

Ok, my mistake =)
So the right order of Rules (as they appear in the Global Rules List)
Is it right?

Anyway, when you are in school (145.x.x.x)
Only 3 Rules applied:
By them you:
allow Incoming to ports set 4000-4010
allow any outgoing
Block all other activity
So, any Internet Browser should be able to go to any site…(if it is outgoing or trusted)
For now I can only suggest you add logging to Rules 2 and 1 and take a look at the Event log. If there are any rows with allowed activity, then your rules work fine. Just try it with a web browser, for example, for the logging.
Also describe the Firewall Mode you are using now, and whether you receive any alerts at school during network activity started by you.
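
Added example, not part of any post in this thread: a first-match evaluation of the five global rules in the order the original poster describes (ID 4 on top, ID 0 at the bottom), showing which rules can match on a 145.x.x.x address and what changes if ID 0 is read as the top rule. Top-down first-match evaluation, the `lan` range 192.168.1.0/24, the contents of the MSN port set and every sample address are assumptions made for the illustration.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed 'lan' zone range
MSN_PORTS = {1863}                             # constructed stand-in for 'msn port set'
PORTSET_4000 = set(range(4000, 4011))          # the 4000-4010 port set

# (id, action, protocols, direction, source, destination, destination ports)
# Listed top to bottom as the original poster describes: ID 4 on top, ID 0 last.
GLOBAL_RULES = [
    (4, "allow", {"tcp", "udp"}, "in",  ANY, LAN, MSN_PORTS),
    (3, "allow", None,           "in",  LAN, ANY, None),
    (2, "allow", {"tcp", "udp"}, "in",  ANY, ANY, PORTSET_4000),
    (1, "allow", {"tcp", "udp"}, "out", ANY, ANY, None),
    (0, "block", None,           "in",  ANY, ANY, None),
]

def matches(rule, pkt):
    _id, _action, protos, direction, src, dst, dports = rule
    return (direction == pkt["dir"]
            and (protos is None or pkt["proto"] in protos)
            and ipaddress.ip_address(pkt["src"]) in src
            and ipaddress.ip_address(pkt["dst"]) in dst
            and (dports is None or pkt.get("dport") in dports))

def evaluate(pkt, rules=GLOBAL_RULES):
    """Return (rule id, action) of the first matching rule, top-down."""
    for rule in rules:
        if matches(rule, pkt):
            return rule[0], rule[1]
    return None, "no global rule matched"

# Constructed sample traffic; 145.0.0.10 stands in for the school-assigned address.
SCHOOL = [
    {"dir": "out", "proto": "tcp",  "src": "145.0.0.10",  "dst": "203.0.113.5", "dport": 80},
    {"dir": "in",  "proto": "udp",  "src": "203.0.113.5", "dst": "145.0.0.10",  "dport": 4005},
    {"dir": "in",  "proto": "tcp",  "src": "203.0.113.5", "dst": "145.0.0.10",  "dport": 1863},
    {"dir": "in",  "proto": "igmp", "src": "145.0.0.1",   "dst": "224.0.0.1"},
]
HOME = {"dir": "in", "proto": "tcp", "src": "192.168.1.20", "dst": "192.168.1.10", "dport": 445}

if __name__ == "__main__":
    for pkt in SCHOOL + [HOME]:
        print(pkt, "->", evaluate(pkt))
    # The same home packet with ID 0 read as the top rule:
    print(HOME, "->", evaluate(HOME, sorted(GLOBAL_RULES, key=lambda r: r[0])))
```

On the 145.x address only rules 2, 1 and 0 ever match, because rules 3 and 4 both depend on the `lan` zone.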

Thanks for your reaction. I use custom policy mode. I get reports in my log, I uploaded a part of my log here:

I don’t want to be confused, so in THAT uploaded log - what is YOUR IP?

Also - I see lots of blocked IGMP packets (and this is right - rule #0)
Lots of blocked UDP (most of them broadcast) - this is all normal.

So without logs from the Allow+Log Rules, nothing more can be said

p.s. And forgive me for my rudeness - WELCOME TO THE FORUM ! =)

Edit: Cannot Share Personal Identification Material In The Forums

See The Forum Policy


CGPMaster - sorry, my mistake.

But it is impossible to give good help without some knowledge. (IMHO)

Also any published Event log is unacceptable because of Forum Policy (many log entries could reveal identification material).

That IP wasn’t mine, it’s an IP I acquired at my school. Not my home IP, and DHCP, so not dangerous. Also I put an ‘x’ in the second digit of the log :) I will try your allow log method.