I turn on the firewall (to own rule).
I tried these global rules on top position in the list, allow TCP or UDP in and OUT for any source address to any target address with:
source port    target port
any            18714
18714          any
any            any
None of these rules gave me a success on any test.
I can’t imagine a rule that is more open than the last one…
Turning the firewall off again makes the tests succeed…
What did I miss?
(edit: I hadn’t finished typing when I touched the send button)
Not easy to tell: you don’t say what comodo version you are using, what configuration, and what application is supposed to use port 18714.
Global rules are almost always a nasty idea, as they apply first for inbound, but last for outbound, only speak about tcp and udp, and can be overcome by a lot of other rules: icmp, firewall security rules, defense+, sandbox…
The good procedure is to look at the cis logs to check what was blocked if any, and to set cis to proactive/custom so it can learn and set itself what has to be allowed.
Thank you.
I entered the version in the first post which was eaten by the forum software…
It’s 4.1.150349.920 on Windows 7 Prof.
The configuration is called “COMODO - Firewall Security” if that’s what you mean.
Actually I wanted COMODO to ask me, but it simply does not, although I use the “own Rule” level where it says I will be alarmed every time it blocks, and I added an ask me rule to the browser (I expected this would be the application that is testing it).
Thanks to your reply I found the log and it says that Windows Operating System is blocked. (In, TCP).
I tried the levels “Safe Mode” and “Training Mode”, but no asking, so I returned to “own rules”.
After reading the log, I changed the global rule to allow TCP/UDP in from anywhere to anywhere with any source port to 18714, but it still is blocked.
To my understanding and according to what you say, it should be applied first and unblock the port. Maybe not a good idea, but I also want to verify that I have the correct idea of how the firewall works.
I tried to add a specific rule for what is logged as “Windows Operating System” but could find an entry for that in the Application list. They should use the same names here and in the logs.
There is already a ruleset for “System” so I added an ask-me rule for that, but it does not ask.
I am not very good with cis v4 (I am using v3), I shall only try some hints:
-you have no way of modifying windows operating system rules
-it seems that cis blocks altogether tcp in, and probably not only your particular request.
If possible, set cis configuration to “proactive”, firewall to custom, defense+ higher than safe: it should now ask.
-if it still doesn’t work, make the test again after disabling the sandbox.
-you have no way of modifying windows operating system rules
If that's true I will never get the port free, since it is blocked by this rule?
-it seems that cis blocks altogether tcp in, and probably not only your particular request.
ALL TCP? How can I read and answer your message then?
If possible, set cis configuration to "proactive", firewall to custom, defense+ higher than safe: it should now ask.
I needed to switch to English first to see what you mean. What you refer to as "custom" was "own rule" in my words.
I disabled defense+ (all I want is a firewall)
Yes, it asks now for everything I do again. Seems that changing the configuration erased all my previous answers. (I hope it is stored in the old configuration?).
[b]Except[/b] for the ports test.. they are still blocked without any question.
This is getting too erratic. I want to know how the firewall is acting, it should be predictable. This was the reason why I wanted to get rid of Microsoft’s firewall in the first place.
I will look for another firewall.
Read the following tutorial I made. Substitute the port number and protocol for your situation.
To open the port TCP 1723 for example
First step is to determine the MAC or Physical address of your network connector. Go to Start → Run → cmd → enter → a black box will show up and enter the following → ipconfig /all (notice the space before /all) → enter → now look up the Physical address and write it down.
Notice that Physical address = MAC address
Firewall → Advanced → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port
Source address: Any
Destination Address: Choose MAC address and fill in the found MAC/Physical address
Source Port: Any
Destination Port: 1723
Then push Apply → Now make sure that the new rule is somewhere above the basic block rule(s) at the bottom (the block rules have red icons); you can drag and drop the rules → Ok.
For testing make the program a Trusted application. When the problem is solved you tighten up the application rule if you want.
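
The ordering step in the tutorial above (the allow rule must sit above the block rules) can be checked with a simplified top-down, first-match model. This is an added example, not part of any post and not Comodo's code; the `Rule` fields, `evaluate`, `shadowed` and the "Block all incoming" rule are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "block"
    protocol: str                   # "tcp", "udp" or "ip" (any protocol)
    direction: str                  # "in", "out" or "any"
    dst_port: Optional[int] = None  # None means any destination port
    description: str = ""

    def matches(self, protocol: str, direction: str, dst_port: int) -> bool:
        return (self.protocol in ("ip", protocol)
                and self.direction in ("any", direction)
                and self.dst_port in (None, dst_port))

    def covers(self, other: "Rule") -> bool:
        # True when every packet matched by `other` is also matched by self.
        return (self.protocol in ("ip", other.protocol)
                and self.direction in ("any", other.direction)
                and self.dst_port in (None, other.dst_port))


def evaluate(rules: List[Rule], protocol: str, direction: str,
             dst_port: int) -> Optional[Rule]:
    """Walk the list top-down and return the first matching rule."""
    for rule in rules:
        if rule.matches(protocol, direction, dst_port):
            return rule
    return None


def shadowed(rules: List[Rule]) -> List[Rule]:
    """Allow rules that can never fire because a block rule above covers them."""
    hidden = []
    for i, rule in enumerate(rules):
        if rule.action == "allow" and any(
                r.action == "block" and r.covers(rule) for r in rules[:i]):
            hidden.append(rule)
    return hidden


# Constructed sample rules: the tutorial's allow rule and a generic block rule.
ALLOW_1723 = Rule("allow", "tcp", "in", 1723, "Incoming Port")
BLOCK_IN = Rule("block", "ip", "in", None, "Block all incoming")

if __name__ == "__main__":
    for order in ([BLOCK_IN, ALLOW_1723], [ALLOW_1723, BLOCK_IN]):
        hit = evaluate(order, "tcp", "in", 1723)
        print([r.description for r in order], "->", hit.action,
              "| shadowed:", [r.description for r in shadowed(order)])
```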