Ignored rule (X32)


Core Quad, Windows XP SP2 x86 (+ some official fixes between SP2 and SP3), administrator, Comodo, Custom policy/Clean PC mode

I am trying to allow any TCP:113 (ident, used by IRC) to my computer. I put 'Windows Operating System' into the Network Security Policy; the first rule is to allow TCP in, src any, sport any, dst any, dport 113. The packets are still dropped, because I have a significant delay when the IRC client is connecting. BTW, if I turn on logging for this rule I see it 'matched': Comodo reports the packet allowed.

Have you added the Allow rule for both Application Rules and Global Rules?

Global rules were empty.


For incoming traffic you have to allow this first with a manual rule on the Global Rules tab.
Firewall, Advanced, Network Security Policy, tab to Global Rules, choose Add.
Allow TCP In, Src Any, Dst Any, Src Port Any, Dst Port 113.

Apply this. This way the request should give you a pop-up for the application that's listening on this port; you can allow that, and you can find it under the Application Rules.

Order of operation for checking firewall rules is:
Incoming: Global → Application.
Outgoing: Application → Global.

Another question: Windows does not by default listen on ident port 113 for requests; does the IRC client open this?
Open a command box and type: netstat -an, then look for something like

Thanks for the answer.

You're trying to say that the incoming connection is blocked on a global basis? OK, but why, if I turned logging on (for my application rule described before), do I have a record in the logs saying OK, packet allowed? But the result looks like it's not.

Yep, you are right. But in my case I don't need my IRC client or something like an ident server to listen on 113.
I just need to move the packet through the firewall to the OS TCP/IP stack: if the firewall intercepts the packet and drops it (so no answer in the 3-step TCP handshake is generated), I have to wait a timeout period (about 90 seconds, based on the kernel configuration for TCP connections) until the IRC daemon drops the attempt to connect to me. Or, if the firewall allows this packet, the TCP/IP stack will reply with the RST flag set (because I don't have port 113 open) and will continue to authorize me on IRC itself. That's exactly what I need :slight_smile: Some IRC daemons work this way: they send an ident request and wait...

BTW, after some kind of 'magic' route changes, 113 became 'open' from outside :frowning:

PS: I don't want to move back to ZA :wink:

Would be a nice feature for CFP though: instead of Allow/Block, also have a Reject rule which spoofs the TCP RST packet to the sender; this way it isn't up to your system but up to you (:WIN) to reject packets...
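The ident exchange and the three outcomes discussed in the last two posts (a real ident answer, a fast RST whether from the OS stack or from a hypothetical Reject rule, or a silent drop that runs into the timeout), as an added example that is not part of the thread and not Comodo's or any ircd's code. It is a toy RFC 1413 responder plus the lookup an IRC server performs; the user name, port numbers and the 2-second timeout are constructed values, and the "closed port" is obtained on loopback so the script runs offline.

```python
import socket
import threading
import time

IDENT_USER = "alice"  # constructed user name returned by the toy ident server


def ident_server(listen_sock):
    """Toy RFC 1413 responder: reads "sport , cport" and answers with USERID."""
    conn, _ = listen_sock.accept()
    with conn:
        query = conn.recv(512).decode("ascii", "replace").strip()
        sport, _, cport = query.partition(",")
        reply = f"{sport.strip()} , {cport.strip()} : USERID : UNIX : {IDENT_USER}\r\n"
        conn.sendall(reply.encode("ascii"))
    listen_sock.close()


def start_ident_server():
    """Bind the toy responder on an ephemeral loopback port (113 needs privileges)."""
    ls = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    ls.bind(("127.0.0.1", 0))
    ls.listen(1)
    threading.Thread(target=ident_server, args=(ls,), daemon=True).start()
    return ls.getsockname()[1]


def closed_port():
    """Pick a loopback port with no listener, so a SYN to it gets an RST."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def ident_lookup(host, port, server_port, client_port, timeout):
    """What an ircd does on connect: query the client's ident port.

    Returns (outcome, userid, elapsed_seconds) where outcome is one of
    "ok" (USERID reply), "refused" (RST: stack has no listener, or a
    firewall Reject rule), "timeout" (SYN silently dropped) or "error".
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(f"{server_port} , {client_port}\r\n".encode("ascii"))
            line = s.recv(512).decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        return "refused", None, time.monotonic() - start
    except (socket.timeout, TimeoutError):
        return "timeout", None, time.monotonic() - start
    fields = [f.strip() for f in line.split(":")]
    if len(fields) >= 4 and fields[1] == "USERID":
        return "ok", fields[3], time.monotonic() - start
    return "error", None, time.monotonic() - start


if __name__ == "__main__":
    # Constructed ports: 6667 is the ircd side, 51234 the client's ephemeral port.
    listening = start_ident_server()
    print(ident_lookup("127.0.0.1", listening, 6667, 51234, 2.0))
    print(ident_lookup("127.0.0.1", closed_port(), 6667, 51234, 2.0))
```

The "refused" branch returns in well under a second because the kernel answers the SYN with an RST; the "timeout" branch is what a DROP rule produces and is where the 90-second stall in the thread comes from. A firewall "Reject" action that forges the same RST would give the ircd the "refused" result without any packet ever reaching the host's own TCP/IP stack.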