I can't set global rules?

WTH · July 29, 2008, 10:21am

I just installed CFP 3.0.25.378, but I can’t set global rules. Here’s what I do:

I click on Add:

http://img253.imageshack.us/img253/3511/comodo1wd0.th.jpg

I fill in a name and click Destination port:

http://img253.imageshack.us/img253/7903/comodo2ql5.th.jpg

I fill in something, and click Apply:

http://img253.imageshack.us/img253/5403/comodo3an9.th.jpg

But here’s what I get:

http://img253.imageshack.us/img253/6519/comodo4uq6.th.jpg

I tried all kinds of different things, setting source address as well, specifying ports, etc.
But it just keeps saying this.

What am I doing wrong??

system · July 29, 2008, 11:05am

Not sure what your doing wrong wrong but what are you trying to accomplish. If you want to block all incoming connections then simply run the stealth port wizard.

WTH · July 29, 2008, 11:31am

Suppose I have a server somewhere and I want to allow ANY traffic to/from that server. It should be possible with a rule like this, right? (but of course using one specific IP)

But still, this is just an example. The problem is, no matter what I fill in there, it ALWAYS says “invalid argument”

WTH · July 31, 2008, 9:04am

One more try - is what I’m doing here really not possible? And if this error is not a bug, then WHAT arguments are invalid?

Forget the particular rule or example I posted above, I just want to know how to create global rules in general. Can anyone give me an example of a global rule that involves a remote IP (or IP ranges) and/or ports, that is not rejected because of “invalid arguments”??

system · July 31, 2008, 10:54am

Did you read the help file system?

broep · August 1, 2008, 12:35am

I came for the same problem and running the wizard like Vettetech suggered worked . I believe the bug happens if you empty the global rules totally …

grue155 · August 1, 2008, 5:52pm

I vaguely recall there being something odd about having descriptive names in rules. Try leaving out the rule description, and create an any-any-any rule. If that works, then edit the new rule to what you want it to be.

Otherwise, I’m kind of guessing. So that I can try to re-create the problem, what rule, exactly and in verbatim, are you trying to enter?

WTH · August 3, 2008, 12:11pm

Thanks, I will give that a try.

I was trying to add a rule to allow any traffic (TCP or UDP, outgoing or incoming) to/from 192.168.1.24 (a local server which I connect to with all kinds of programs and tools), and similarly for 66.33.199.243 (a remote server).

grue155 · August 4, 2008, 6:44pm

I was trying to add a rule to allow any traffic (TCP or UDP, outgoing or incoming) to/from 192.168.1.24 (a local server which I connect to with all kinds of programs and tools), and similarly for 66.33.199.243 (a remote server).

I’m reading your description as involving three machines, and at least two firewall rules.

You have ThisPC (the machine you’re using, with CFP installed), machine LANsrv at 192.168.1.24, and machine RMTsrv at 66.33.199.243

To communicate with machine LANsrv, from ThisPC, you’ll need these two CFP rules in your Global Rules:

allow TCPorUDP In from singleIP[LANsrv] to singleIP[ThisPC] where srcport is any and destport is any
allow TCPorUDP Out from singleIP[ThisPC] to singleIP[LANsrv] where srcport is any and destport is any

The reason for the two rules, is because the address positions swap based on direction. It’s inbound from the servers, and outbound from ThisPC. The natural form for humans, is just one rule: if it’s to or from the server, then okay. Computers don’t make the distinction, so there have to be two rules.

And you’ll probably need to add ICMP In and Out rules also. If the TCP or UDP packets hit a problem, they send back complaints by ICMP. If ThisPC doesn’t get the message, it’ll just sit there until something times out, and you’ll wonder why it’s taking so long, and it still didn’t work. But, that’s for later.

And then a similar ruleset for the RMTsrv. That’s also for later.

The original question, back at the beginning of this topic, was getting that first rule entered. So, try this for yor Global Rules:

Action: Allow
Protocol: TCP or UDP
Direction: In
Description: your words here
Source Address: single IP: 192.168.1.24
Destination Address: any # “any” will work for the address of “ThisPC” for this rule
SourcePort: any
DestinationPort: any

and the second rule:

Action: Allow
Protocol: TCP or UDP
Direction: Out
Description: your words here, part 2
Source Address: any # “any” will work here also, for this rule
Destination Address: singleIP: 192.168.1.24
SourcePort: any
DestinationPort: any

You should be able to enter those rules, as given. If not, then something really unexpected is going on.

jfg · August 17, 2008, 4:29pm

I have the exact same problem. I can’t set any Global Rules. It pops me an alert box, complaining about a invalid argument.

I use COMODO Firewall Pro version 3.0.25.378

Dennis2 · August 17, 2008, 6:12pm

If you read this thread in Bug reports Ronny shows a workround for this problem.
Dennis
https://forums.comodo.com/bug_reports/cpf_3025378_bug_cannt_add_any_global_rule_after_removing_all-t25500.0.html

EDIT Here is Ronny’s post
Confirmed Windows XP SP2, 3.0.25 x32.
You will get a nice Red X, An invalid argument was encountered.

Workaround:
Go to Firewall, Common Tasks, Stealth Port Wizard and select:
Alert me to incoming connections - stealth my ports on a per-case basis.
And your global rules are restored. After that you can add your “Allow IP In/Out From IP Any To IP Any Where Protocol Is Any” again.

So this look’s like a minor BUG to me.

rhgtyink · August 17, 2008, 7:09pm

Thanks Dennis.
(:WAV)

jfg · August 17, 2008, 9:48pm

Works great now! Thank you.