Outbound Policy Violation help

Hello everyone. Smootch! Don’t worry, that was to my wonderful new version of Comodo Firewall. I will just thank anyone that helps me with my quick question. What exactly is Outbound Policy Violation Access Denied ICMP=Port Unreachable, reported in my Logs by the Network Monitor with a Medium Severity? I hope this is clear, and something normal. I read the description down at the bottom, and understand the source is my I.P address and that it’s outgoing, but the destination is Is that my router maybe, and should I allow it? And if so, how? I guess this turned out to be more than a quick question, huh? Thanks again ahead of time though, and I will appreciate everyone’s help.

I’m getting the same thing. But, the destination IP is always one of my Domain Name Servers (DNS).

In fact, I was getting so many reports on this in the log, I eventually created a block rule before the block & log rule in the Network Monitor, just to silently knock out ICMP Out Port Unreachables before they got there & were logged.

I’ve no idea what these Port Unreachables are all about. ???

Thanks for the response kail. I’m sure it’s nothing major then, but we’ll have to see what some others have to say I suppose. I also noticed this report was only in the Logs on my account, and not in the ones on my wife’s account. We were both logged on, but my side was up. I hope that made sense to someone. Anyway take care.

Does this help? I was receiving them until I allowed ICMP between my router and my PC.

ICMP is the acronym for Internet Control Message Protocol. They are failed connections. An ICMP unreachable packet carries the first 64 bits (8 bytes) or more of the original datagram and the original IP header.

The ICMP Destination Unreachable (message type 3) is sent back to the originator when an IP packet could not be delivered to the destination address. The ICMP Code indicates why the packet could not be delivered. The original codes are:

* 0 - net unreachable
* 1 - host unreachable
* 2 - protocol unreachable
* 3 - port unreachable
* 4 - fragmentation needed and DF bit set
* 5 - source route failed

As far as why… “it all depends…”

ICMP Unreachable Error Messages are divided into two groups:

  1. ICMP Unreachable Error Messages issued by routers (all 16 of them)
  2. ICMP Unreachable Error Messages issued by a Host (only 2)

What are the only 2 issued by a host? ICMP Port Unreachable - the destination port on the targeted host is closed (a.k.a. not in a listening state). ICMP Protocol Unreachable - the protocol we were trying to use is not being used on the targeted host.

Both the ICMP Type field and the Code field indicate why the packets could not be delivered. Some Snort ICMP alerts are informational, like the ICMP alerts found in icmp-info.rules. At this time there are no references or even classtypes associated with these rules.



This thread might help.
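As an added example (not from the thread or from Comodo), this Python sketch parses the ICMP Destination Unreachable layout described above and recovers the quoted original IP header and ports, which shows what traffic a logged Port Unreachable was answering. The addresses and sample bytes are constructed, and `parse_unreachable` and `build_sample` are hypothetical names.

```python
import struct

# ICMP type 3 (Destination Unreachable) codes as listed in the thread
CODES = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
         3: "port unreachable", 4: "fragmentation needed and DF bit set",
         5: "source route failed"}

def parse_unreachable(icmp: bytes):
    """Parse bytes starting at the ICMP header. Returns a dict describing the
    code and the quoted original datagram, or None if the message is not
    type 3 or is too short. Checksums are not verified here."""
    if len(icmp) < 8 + 20 or icmp[0] != 3:
        return None
    code = icmp[1]
    inner = icmp[8:]                      # original IP header + first 8 payload bytes
    ihl = (inner[0] & 0x0F) * 4           # original IP header length in bytes
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        return None
    info = {
        "code": code,
        "reason": CODES.get(code, "other"),
        "orig_proto": inner[9],
        "orig_src": ".".join(map(str, inner[12:16])),
        "orig_dst": ".".join(map(str, inner[16:20])),
    }
    if inner[9] in (6, 17):               # TCP or UDP: ports lead the transport header
        sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
        info["orig_sport"], info["orig_dport"] = sport, dport
    return info

def build_sample() -> bytes:
    """Constructed sample: a port unreachable quoting a UDP datagram sent
    from 192.0.2.53:53 to 192.168.1.10:51000 (documentation addresses)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 53]), bytes([192, 168, 1, 10]))
    udp = struct.pack("!HHHH", 53, 51000, 40, 0)
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + udp

if __name__ == "__main__":
    print(parse_unreachable(build_sample()))
```

The quoted source address is the host the unreachable message is sent to, so it should match the destination shown in the firewall log entry.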


Thank you. Some of the Logs are now indicating Inbound Policy Violation (Access Denied=IP (my own) Port=nbsess 139) with Protocol TCP incoming. I think this is the Router’s true IP address. The other IP address for outbound I saw, I believe is the false one given by the Router like when you go to Shields up and it identifies it.