ICMP Logs

I have a global rule for ICMP but it keeps on logging. What else do I need?

Please help.

http://i15.tinypic.com/8g3w1gg.png

http://i2.tinypic.com/6jclkyu.png

It’s logging that? And there’s no check in the “log this” box of the rule… Looks to me like you’ve tripped over a bug.

These are ICMPs within your network which you have probably trusted. Comodo’s handling of IPs for the LAN and the WAN seems to be a bit inconsistent.

Do you have System logged in Application Rules?

EDIT: I asked this question before and was guided to make this rule https://forums.comodo.com/help_for_v3/comodo_is_blocking_cwindowssystem32svchostexe-t16066.0.html;msg109682#msg109682. I don’t have the slightest idea if it is making some complications. This rule stopped the logging temporarily but it is back again. Please advise.

http://i13.tinypic.com/71qum39.png

Ah, I missed that. I see what Soyabeaner’s talking about. The Application rules, and not the Network Zones. Good catch, Soyabeaner. Thank you.

It’s Firewall → Advanced, Network Security Policy, the Application Rules tab. There is an entry there for “System”, and the last rule is a “Block&Log all unmatched packets”. An inbound ping is definitely an unmatched packet.

So you’ll need to add a rule to block, and not log, ICMP “echo request” packets. Something like this:

Block
Protocol ICMP
Direction In
Source any
Destination any
ICMP details: ICMP Echo Request

and position this new rule above the Block&Log default rule.

Do you have System logged in Application Rules?

Soyabeaner, is this what you mean?

http://i18.tinypic.com/86yd7pu.png

Block Protocol ICMP Direction In Source any Destination any ICMP details: ICMP Echo Request

http://i7.tinypic.com/6o5lu1g.png

http://i2.tinypic.com/6yuiyyp.png

Grue155, there are just too many options when trying to add a rule and it confuses me. Can you give a detailed way to do this?

Alrighty, step by step.

On the Application Rules screen, there is the System line, with its rules. Click on the rule that says “Block and Log All Unmatching Requests” to highlight the line.

Now, right-click that line, and select “add rule”. This is the new ICMP rule.

Block
Protocol ICMP
Direction In
Source any
Destination any
ICMP details: ICMP Echo Request

Click Apply when you’ve entered the rule. That will position the new rule probably after the Block&Log rule. Click on the new rule to highlight it. Use the “Move Up” and “Move Down” buttons to reposition the new rule above the Block&Log rule.

Then Apply, and done. That should take care of it.

Thanks a lot. I hope this will stop all these loggings.

http://i17.tinypic.com/8aejb6t.png

That rule looks good. That should take care of the logging.

I’m on the end of my day here. If there’s anything more that comes up, I’ll have to pick it up tomorrow, probably after 1800 GMT.

With all these rules Comodo is still logging:

http://i9.tinypic.com/89v27mo.png

All of these are on your LAN, why not just allow them within, it’s a private network…

I don’t know what these things are and I don’t know if it is good or bad. Since it is being blocked, I am assuming that it is bad [correct me if I am wrong]. I just wanna stop the logging because my pc lags after a while.

All of these are on your LAN, why not just allow them within, it’s a private network…

Toggie, I already made all the rules but if you know that allowing these things won’t damage anything, what is the easiest way to allow it and do I have to reverse all the rules I made?

The logging is still happening? That surprises me.

Toggie’s question is a good one. The source is on your LAN, at 192.168.0.2. So why is it doing all that pinging, and can you turn it off? Being on your LAN, it’s not anything harmful, but probably more of a keep-alive function of some kind.

Back to the logging question.

The Network Security Policy should list all the rules in effect, for Applications and for Global. There are only two instances for “Block&Log” rules. That’s the System application, and the Global default. The rules put in place ahead of these should stop logging ICMP echo requests entirely.

Since the rules I’ve suggested so far haven’t been stopping the logging, then those rules aren’t doing anything. The next step will be somewhat more drastic. Two things to try:

First is to click Firewall → Advanced, Firewall Behaviour Settings, the Alert Settings tab, and then clear the checkbox for enabling ICMP alerts.

If that doesn’t do anything, then the real hard way is to turn off logging. That’s Miscellaneous → Settings, and the Logging tab, and then mark the checkbox to disable logging (firewall first, then both firewall and defense+ if firewall alone doesn’t do it). I dislike turning off logging, but it should take care of the problem for the moment, as a test case if nothing else.

I’m coming back to the thought that there is a bug down in the bits somewhere.

The thought occurred to me that maybe one of the predefined firewall policies is getting tripped. The predefined rules seem to have “block&log” as their default.

So, before trying the drastic measures, I’ll suggest going thru each of the Predefined Firewall Policies, and change any default “block&log” rule to be just a block (no logging) rule. Click on the rule to highlight it, click Edit, and then clear the checkbox that says to log the event. Make notes as you go, and be prepared to restore settings after going thru everything.

If the logs would tell us which rule was getting tripped, this would be easy. Lacking that detail, it’s going to be some trial and error. If that doesn’t identify the source of the logging, then it’s time to go on to more drastic measures, like disabling logging.
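The rule-ordering advice in this thread, as an added example that is not part of any post and is not Comodo code: a small model that reports which rule in an ordered list would log a given packet. It assumes top-down, first-match evaluation (which the "position above the Block&Log rule" advice implies); the `Rule` fields, function names and the sample packet are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical model of one ordered rule set; the field names are assumptions
# for this example and do not reflect Comodo's configuration format.
@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "block"
    log: bool
    protocol: Optional[str] = None   # None matches any protocol
    direction: Optional[str] = None  # "in", "out", or None for either
    icmp_type: Optional[int] = None  # 8 = echo request; None matches any type

    def matches(self, pkt: dict) -> bool:
        criteria = (("protocol", self.protocol),
                    ("direction", self.direction),
                    ("icmp_type", self.icmp_type))
        return all(want is None or pkt.get(key) == want for key, want in criteria)

def first_match(rules, pkt):
    """Return (position, rule) for the first matching rule, scanning top-down."""
    for pos, rule in enumerate(rules):
        if rule.matches(pkt):
            return pos, rule
    return None, None

def logging_rule(rules, pkt):
    """Name of the rule that would log this packet, or None if it stays silent."""
    _, rule = first_match(rules, pkt)
    return rule.name if rule and rule.log else None

# Constructed sample: inbound ICMP echo request from the LAN host in the thread.
PING = {"protocol": "ICMP", "direction": "in", "icmp_type": 8, "src": "192.168.0.2"}

BLOCK_LOG = Rule("Block and Log All Unmatching Requests", "block", log=True)
SILENT_ICMP = Rule("Block ICMP In Echo Request", "block", log=False,
                   protocol="ICMP", direction="in", icmp_type=8)

BELOW = [BLOCK_LOG, SILENT_ICMP]   # new rule left under the default: still logged
ABOVE = [SILENT_ICMP, BLOCK_LOG]   # new rule moved up: matched first, not logged

if __name__ == "__main__":
    for label, rules in (("new rule below", BELOW), ("new rule above", ABOVE)):
        print(f"{label}: logged by {logging_rule(rules, PING)!r}")
```

In this model an inbound ICMP packet that is not an echo request (any type other than 8) still falls through to the Block&Log rule, because the silent rule matches echo requests only.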

How would we know if there is a bug? Is there a file somewhere that can tell us if there is bug?

http://i1.tinypic.com/6wo3o9g.png

I also have a gazillion of these LAN generated rules. I believe that it is NetBIOS checking who is/isn’t on the network. I would try turning off NetBIOS but was led to believe that I can’t if I want to share a printer or files on my LAN (what’s the truth? who knows? really, can I safely disable NetBIOS on my LAN computers and still share files and printers?) I think I want these harmless pings to go thru on my LAN to keep the machines happy; I want a well-oiled computer network so I don’t want to just turn off logging (ostrich response).
I set up most/many of Gibran’s “Useful Firewall rules and policies” except ones I didn’t understand (several, such as the 1st two “Global Rules” which seemed to just nearly drop or open-up the firewall). I really appreciate Gibran’s Setup help but there wasn’t much explanation of what each entry did. Networking really got complicated. I may be ignorant but that’s not stopping me, Onward thru the Fog.

Unfortunately, no such file to tell us if there is a bug. We have to use process of elimination, and if, after having exhausted all the possibilities, the problem still exists, then we call it a bug.

The steps so far have been eliminating possibilities. There are not many possibilities left, so the likelihood of a bug is getting greater and greater.

On Predefined Firewall Policies, I Turn On then Turn Off again the logging for each item on the list. If nothing comes out I will Turn On the logging one at a time and observe which one will produce the loggings then I will come back here to make a report.

Thanks for all the patience guys.