Option for media player streaming on LAN or NFS server

Firewall miscellaneous option “block fragmented IP datagrams” blocks any media player streaming on LAN.

Fragmented UDP packets are normal for NFS. NFS uses block sizes of 4096 or 8192 bytes; these must be fragmented over Ethernet with a maximum packet size of 1500 bytes. Perhaps the fragments are seen as malformed UDP packets.

An option to exclude a local IP, LAN or a defined zone from blocking would be great … or perhaps a proper detection :wink:

This one is difficult. There are indeed situations when you’d want to let large fragmented packets through, for example in Counterstrike.

However, for the vast majority of people, the rule is correct. The others could still deactivate it at their own peril. The problem is, of course, that this is normally the business of the router or a dedicated firewall that protects the LAN from the WAN. A good router, like Draytek, gives you the option to configure rules for fragmenting so you don’t need to care about every PC on the LAN.

I agree, however, that it makes little sense to apply any of the settings under “Attack Detection” to the network(s) that is(are) configured under LAN in “My Network Zones”. It’s up to the user to define his trusted zone(s) there, and CIS should ALWAYS exclude those zones from Attack Detection - I don’t even see the necessity of a checkbox to give the user a choice.
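
The behaviour discussed in this thread, as an added example that is not part of any post and is not CIS's own logic: it builds the IPv4 fragment headers for one NFS-sized UDP datagram on a 1500-byte MTU and applies a fragment-blocking rule with the trusted-zone exemption proposed above. The function names, the addresses and the 192.168.1.0/24 zone are constructed for illustration.

```python
import ipaddress
import struct

MTU = 1500      # Ethernet maximum packet size quoted in the thread
IP_HDR = 20     # IPv4 header without options
UDP_HDR = 8     # present only at the start of the first fragment

def fragment(src, dst, udp_payload_len, ident=0x1234):
    """Return the IPv4 headers a sender emits for one UDP datagram."""
    total = UDP_HDR + udp_payload_len       # bytes carried above IP
    step = (MTU - IP_HDR) // 8 * 8          # fragment data is a multiple of 8
    headers = []
    for off in range(0, total, step):
        size = min(step, total - off)
        more = 1 if off + size < total else 0   # MF set on all but the last
        headers.append(struct.pack(
            "!BBHHHBBH4s4s",
            0x45, 0, IP_HDR + size, ident,
            (more << 13) | (off // 8),      # flags + offset in 8-byte units
            64, 17,                         # TTL, protocol 17 = UDP
            0,                              # checksum unused by the filter below
            ipaddress.IPv4Address(src).packed,
            ipaddress.IPv4Address(dst).packed))
    return headers

def is_fragment(header):
    """A packet is a fragment if MF is set or its offset is non-zero."""
    flags_off = struct.unpack("!H", header[6:8])[0]
    return bool(flags_off & 0x2000) or bool(flags_off & 0x1FFF)

def verdict(header, block_fragments, trusted_zones):
    """Fragment rule with the trusted-zone exemption asked for in the thread."""
    if not is_fragment(header):
        return "allow"
    src = ipaddress.IPv4Address(header[12:16])
    if any(src in zone for zone in trusted_zones):
        return "allow"                      # LAN zones skip the fragment rule
    return "drop" if block_fragments else "allow"

if __name__ == "__main__":
    lan = [ipaddress.ip_network("192.168.1.0/24")]      # constructed zone
    for name, src in (("LAN", "192.168.1.10"), ("WAN", "203.0.113.5")):
        for h in fragment(src, "192.168.1.20", 8192):   # one 8192-byte NFS block
            off = (struct.unpack("!H", h[6:8])[0] & 0x1FFF) * 8
            print(name, "offset", off, "->", verdict(h, True, lan))
```

An 8192-byte block leaves the sender as six fragments, and every one of them matches the fragment test, so without the zone exemption the whole datagram is lost.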