I like how CPF 2.1.1.1 defaults with a rule to block all “IP In”. However, it seems to be interfering with some interactivity with certain safe websites. Is there a way to “whitelist” these sites? It seems CPF’s approach is different in this regard from other firewalls.
Welcome to the forums.
Can you give us an example of what websites it interferes with, and in what way does it interfere?
Cheers,
Ewen
I like to keep manual copies of Windows XP SP2 updates. That site is found at http://v4.windowsupdate.microsoft.com/catalog/en/default.asp. If you choose to view the updates as a list, it won’t show the list, although the rest of the site being viewed remains intact. This only started happening with CPF, not with my previous firewall. If I change the “IP In” rule to Allow, then all is well. But I would like to keep that rule as Blocked, if I could only clear this and other safe websites by a rule or something.
Also, a friend of mine installed CPF to replace ZoneAlarm’s firewall, and he is experiencing a similar problem with some member-only features of investors.com that display lists on the website.
FWIW, no problems with the MS update site for me. ‘IP in’ rule is set to block.
This should be because the ICMP Fragmentation Needed message is being blocked. All you need to do is to add a rule to allow incoming ICMP frag packets.
1 - Go to Security -> Network Monitor
2 - Select the first rule (usually Allow IP out) and right click on it
3 - From the right click menu select “Add Rule -> Add After”
4 - From the opened window, Action = Allow, Protocol = ICMP, Direction = IN
5 - Source / Remote IP is ANY
6 - Click on ICMP Details tab, Select “Custom” and
7 - Write Type = 3, Code = 4 and press OK
Please have a look at the attachment to make sure you have the same rule as me.
This rule should allow incoming ICMP fragmentation needed messages so that your problems like partial page loading will be solved.
Hope this helps,
Egemen
[attachment deleted by admin]
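What a Type = 3, Code = 4 message carries, as an added Python example that is not part of the original thread and not Comodo's code: it parses an ICMP "fragmentation needed" message, reads the next-hop MTU, and checks that the quoted packet belongs to a connection the host actually opened. The function names, the flow-table format and the sample addresses are assumptions made for the illustration.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; 0 over a whole message means intact."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_frag_needed(icmp: bytes):
    """Return the fields of a Type 3 / Code 4 message, or None for anything else."""
    if len(icmp) < 36 or inet_checksum(icmp) != 0:   # 8 ICMP + 20 IP + 8 bytes
        return None
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return None
    quoted = icmp[8:]                    # start of the packet that was too big
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        return None
    # Assumption: the quoted packet is TCP or UDP, so its first 4 bytes are ports.
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return {"mtu": mtu,
            "src": str(ipaddress.IPv4Address(quoted[12:16])), "sport": sport,
            "dst": str(ipaddress.IPv4Address(quoted[16:20])), "dport": dport}

def is_expected(icmp: bytes, flows: set) -> bool:
    """Stricter than a type/code rule: the quoted packet must be one this host
    sent (flows = {(src, sport, dst, dport)}) and the MTU at least 68 (IPv4 minimum)."""
    info = parse_frag_needed(icmp)
    if info is None or info["mtu"] < 68:
        return False
    return (info["src"], info["sport"], info["dst"], info["dport"]) in flows

def build_sample(mtu: int = 1400, code: int = 4) -> bytes:
    """Constructed message quoting TCP 192.0.2.10:49152 -> 198.51.100.7:80."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 1, 0x4000, 64, 6, 0,
                     ipaddress.IPv4Address("192.0.2.10").packed,
                     ipaddress.IPv4Address("198.51.100.7").packed)
    body = ip + struct.pack("!HHI", 49152, 80, 1000)
    cksum = inet_checksum(struct.pack("!BBHHH", 3, code, 0, 0, mtu) + body)
    return struct.pack("!BBHHH", 3, code, cksum, 0, mtu) + body

if __name__ == "__main__":
    flows = {("192.0.2.10", 49152, "198.51.100.7", 80)}
    print(parse_frag_needed(build_sample()), is_expected(build_sample(), flows))
```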
Thanks egemen, it worked. This won’t open me up for any kind of ICMP frag attacks from any source, will it?
And even though this worked, I am still curious if there is a way to “whitelist” a site with rules.
Hi egemen,
How come the rule of ICMP fragmented packets isn’t included on the rules creation? Will you implement it in a future update?
Hi Pan,
Yes. This should be added by default along with some others.
Egemen
Thanks egemen. It will be a great help.
Just one more question… Will this method open me up to any kind of ICMP frag attacks from any source?
No go, Comodo won’t let me create the rule, it defaults to ICMP fragmentation needed rule :(