Hi,
Looking at “netstat -s” results I can see a lot of ICMPv4 messages sent.
I have “Block and Log ICMP In/Out From IP Any To IP Any Where ICMP Message Is Any” in both “Global Rules” and at “App Rules/WOS”.
At cfplogvw page I don’t see those sent blocked msgs logged (those wich netstat shows).
Are those ICMP msg being blocked?
Is this normal, or is it a bug?
Thanks.
Hi AeoniAn
Are you using any p2p software?
Hi, Toggie.
This happens with or without P2P.
For now, I got a fresh IP (dynamic), re-started my PC and navigated with FF, downloading something via FF. Netstat is showing 72 sent msgs and cfplogvw only shows 1 blocked.
Anyway, if some msg are logged at netstat (OS/app is trying to send some) why aren’t they logged at CIS blocked or not?
I did a try allowing and logging all ICMP and the numbers doesn’t match (netstat/CIS), with netstat always showing a high number. Some of these msg are to DNS Servers from my ISP and some aren’t (probably IP’s from the sites I was visiting/downloading).
Do you know if anyone else did noticed this behavior? (My main point: Is CIS logging all ICMP messages?)
Ahh… Thanks for the repply!
I’m not sure I can provide a definitive answer for you, without some more detail.
It might be helpful if you could post screen shots of your application and global rules. I’d also like to know which settings you have enabled for the firewall, particularly firewall behaviour and attack detection.