Network Control blocking more than the rules would suggest...

If I turn off Network Control rules, network app XYZ works perfectly.

If I turn on Network Control rules, but tell it to pass everything (the first rule is Allow, Protocol IP In/Out, Any Src, And Dst where IPPROTO is ANY) then network app XYZ fails miserably.

Now I would have thought that the aforementioned rule would pass everything and make Comodo behave exactly the same as if Network Control were disabled, but obviously it’s not. What could Comodo be blocking and how do I tell it not to?

Hi and welcome to the forums,

I wouldn’t advise setting the rule you mention to allow - this should be the main block rule located at the bottom of the list. What you need to do is either use the Define a trusted network wizard found in the tasks section (quicker), or you could create a rule as follows:

Action: Allow
Protocol: TCP/UDP
Direction: In/Out
Source IP: IP Range 192.168.0.0 - 192.168.0.255
Destination IP: IP Range 192.168.0.0 - 192.168.0.255
Source Port: Any
Destination Port: Any

Of course you’ll need to enter your network range if it’s different to the one I entered. Give that a shot and you should find your app works fine.

I’m not able to try this right now, but I can’t imagine why it would possibly work; after all, the rule that you suggested is no less restrictive (and in several aspects more restrictive) than the rule I already tried using.

Specifically, your rule will only pass TCP/UDP IP packets whereas my rule will pass any type of IP packet. Also your rule will only pass traffic on a single subnet, whereas my rule will pass any traffic irrespective of its source/destination IP addresses.

Am I missing something here?

G’day,

What shows up in your logs?

If your ruleset doesn’t have logging turned on, open CFP, and click on SECURITY - NETWORK MONITOR. Double click each rule in turn and turn on logging. Reboot the PC and attempt to run “XYZ” app.

Once it fails, open CFP and click on ACTIVITY - LOGS. See if you can see where the application is being blocked. If you can’t spot it, do a right click inside the log window and select “Export HTML”. Post the resulting HTML file here for inspection.

Hope this helps,
Ewen :)