I can't for the life of me figure out why these connections are blocked.

Hello,

(Look at picture) I’ve always had these kinds of entries for as long as I can remember, but now I actually tried to figure out why the hell they are being blocked.

Configuration is Proactive
I’ve changed “Stealth Ports” to “Alert Incoming Connections”
Firewall is set to “Custom Ruleset”
For testing purposes all options like “Filter IPv6 traffic” etc. have been enabled and disabled, but the traffic is still blocked no matter what they are set to.
I removed all Application Rules just for testing.
I also removed all Global Rules.

I can seriously not for the life of me figure out WHY this is blocked… I don’t really care that it is blocked since I haven’t seen any services stop working because of it, I just want to know whyyyy. :cry:

Anyone got any idea?

Edit: I just made a global rule that blocks all incoming connections without logging them so… that’s that.

Regards,
Sanya IV Litvyak

[attachment deleted by admin]

Hi Sanya, I know you posted this a while back, but did you ever find a solution? I have a similar problem of network intrusions because of the “filter ipv6 traffic” and am looking for a solution… thanks

I did not find any solution other than the one present in the red edit of my original message, although I have since removed that rule and I don’t know why but I don’t get these intrusions anymore.

Thank you Sanya, can you please show me how to create that global rule that you did to solve it?
Also, can I please copy from you the settings you have in the general firewall settings? My settings look like in the attached picture.

[attachment deleted by admin]

The way it “solves” it is to block all incoming traffic but not log it, so if that’s what you want then you can look at this video: Desktop 07 27 2014 14 54 38 01 - YouTube. Though beware that that rule will block ALL incoming traffic, so if you have any services that need incoming traffic then that rule will interfere with those programs. The rule in the video may only be relevant for my issue, and yours may be different as you mention it’s about filter IPv6 traffic, hence that rule may not be relevant in your case.

I’ve attached an image with my firewall settings.

[attachment deleted by admin]

Hi Sanya, first, thanks :slight_smile:
Why did you decide to untick the box with the “block fragmented IP traffic”? I don’t even know what it does, but just wondering.

I can’t remember exactly why, but it was blocking something I wanted to allow, can’t remember what it was now but… yeah.

:slight_smile: hahaha
how did you even figure out THAT was the culprit?
how often do you get alerts with your ‘paranoid’ setting “alert frequency”?

Trial and error, i.e. tried disabling everything first and noticed that the traffic wasn’t blocked at that point, then tried enabling settings one by one until the traffic was blocked again, and the result was that “block fragmented IP traffic” blocked some traffic that I needed but can’t remember what it was…

I don’t get many alerts because whenever I get a new application that doesn’t have any rules I usually set up some rules for it myself, but if I wouldn’t do that and only answered the alerts one by one without using “treat as” then pretty many.

If I leave this “alert frequency” box unticked like in my case, you reckon my system is much compromised?

You know something, I have had mine set up like yours for a while now, leaving just the “block fragmented IP traffic” box unticked and the rest ticked,
and I haven’t had any network intrusions for a while now (knock wood 3 times big time).
Could it all have to do with THAT one?

Basically what the alert frequency does is decide what rules get made when you click “Allow” or “Block”, the higher the frequency the more detailed the alerts are, by default alert frequency is disabled… and I don’t know what that really means in terms of the rules created, but the help file mentions that “Low” is a good level for most users and Low is:
“Low: The firewall shows alerts for outgoing and incoming connection requests for an application. This is the setting recommended by Comodo and is suitable for the majority of users.”

So if you set the alert frequency to “Low” then let’s say example.exe is trying to connect from 192.168.0.2 to 192.168.0.3 from source port 80 to destination port 80 using TCP, then an alert will be shown for that, and if you click “Allow” then it will create a rule to allow all outgoing traffic for that application, so if example.exe tries to connect from 192.168.0.2 to 192.168.0.4 from source port 80 to destination port 2000 using UDP, then it will also be allowed because of the application rule.

With Alert Frequency set to “Very High” it creates much more detailed rules for each alert. For example, let’s say example.exe is trying to connect from 192.168.0.2 to 192.168.0.3 from source port 80 to destination port 80 using TCP, then if you click “Allow” it will create an application rule that states to allow TCP traffic from IP 192.168.0.2 to 192.168.0.3 using source port 80 and destination port 80. Now let’s say example.exe tries to connect from 192.168.0.2 to 192.168.0.4 from source port 80 to destination port 2000 using UDP, then there is no rule to deal with that, so it will show another alert, and if you choose allow then it will create another application rule that allows just that, and so it continues.

I have to point out though that I’ve said that answering the alerts makes application rules, that’s only true if you have “remember my answer” ticked for the alert, if that is unticked then it will create a session rule for the application that will be cleared as soon as the application is closed, the rest still applies though.

It could be although I can’t say if it was that, could be a coincidence, but yes it could be that setting that was causing all the network intrusions.
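The rule-granularity behaviour described in the reply above, as an added example that is not part of the original thread and is not Comodo's code: a toy Python model in which "Allow" on Low creates one application-wide rule, "Allow" on Very High creates an exact protocol/address/port rule, and unticking "remember my answer" yields a session rule. The class and function names are hypothetical, and only the Low and Very High levels are modelled.

```python
from dataclasses import dataclass, astuple
from typing import Optional

@dataclass(frozen=True)
class Conn:
    app: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rule:  # a field left as None means "any"
    app: str
    proto: Optional[str] = None
    src: Optional[str] = None
    sport: Optional[int] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, c: Conn) -> bool:
        return all(r is None or r == v for r, v in zip(astuple(self), astuple(c)))

class Firewall:  # hypothetical model, not Comodo's implementation
    def __init__(self, level: str):
        self.level = level
        self.app_rules, self.session_rules = [], []

    def connect(self, c: Conn, remember: bool = True) -> str:
        if any(r.matches(c) for r in self.app_rules + self.session_rules):
            return "allowed by rule"
        # No rule matched: an alert is shown and the user clicks "Allow".
        rule = Rule(c.app) if self.level == "low" else Rule(*astuple(c))
        (self.app_rules if remember else self.session_rules).append(rule)
        return "alert"

    def close_app(self, app: str) -> None:
        # Session rules are cleared when the application is closed.
        self.session_rules = [r for r in self.session_rules if r.app != app]

# The two connections used in the post.
A = Conn("example.exe", "TCP", "192.168.0.2", 80, "192.168.0.3", 80)
B = Conn("example.exe", "UDP", "192.168.0.2", 80, "192.168.0.4", 2000)

def demo(level: str, remember: bool = True):
    fw = Firewall(level)
    return [fw.connect(A, remember), fw.connect(B, remember)], len(fw.app_rules)

if __name__ == "__main__":
    for level in ("low", "very high"):
        print(level, demo(level))
```

On Low the second connection passes silently on the broad rule; on Very High it raises a second alert and leaves two narrow rules.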

so far no intrusions knock wood…

maybe my case is solved… I’d really like to believe it is!

With regard to the alert frequency issue, thank you so much for the detailed explanation.
I think they should include such examples in the Comodo help section…
I haven’t decided yet whether to have it on low or the default unticked altogether; after all, I don’t have many problems other than the network intrusions that were on my local network… maybe I’m wrong not to set the alerts high like yours, but I suppose I believe I’m good for now.
Maybe in future versions of Comodo they could have all these options kinda built into the profile one chooses, like the proactive and internet security etc…

thank you again for your time and very kind help
meoww