My computer is in an office LAN.There’s one printer connected to my computer which I have to share with 3 other PCs.However I do not want to add this LAN or the 3 PCs to trusted zone and still want to in the Block all incoming connections-stealth my ports to everyone mode.How can I add some specific rules only for sharing the printer?
At present,I’m in the Alert me incoming connections-stealth my ports on a per-case basis mode.I allowed two rules.One for svchost.exe and another for System.But It seems the rules are too raw and I feel less secure.So back to the point,what rules set do I need in the “Block all incoming…mode”?
I guess you should create a new zone that includes the PC you want to intercommunicate and then create a set of allow rules that use that zone.
Printer sharing should use netbios so you could try to create a new portset containing 135-139 range plus port 445 and then allow TCP or UDP connections to those ports.
You need to check the logs to see if the rules works and you need to add a block all IP ANY ANY rule at the end of all policies you create to allow printer sharing
Anyway this way you’ll enable also file sharing and those ports will not be sthealted to those pc.
BTW netbios was one of the most common attack vector used to compromise security.
“TCP or UDP” both in and out ?And do both of the source port and destination port use 135-139 plus 445?
Hope you could make the rules more detailed :-[
I’m not going to do this.Thanks for the information anyway.
Make a zone that inlcudes the IP addresses of the PCs that you want to allow to print via your printer
Thirdly, use the port set (for both source and destination ports) and the zone in a rule that uses “TCP or UDP” as the protocol and “IN/OUT” as the direction.
This rule wouild need to be moved above any BLOCK rules you may have created that address this port range.
I don’t know if I made the rule right.
Allow,TCP or UDP,In/Out
Source:Printer sharing zone(several ips)
Destination:My Mac address(DHCP sometimes changes my ip although I don’t know why)
Source and Destination ports:Printer sharing ports set(135-139,445)
And it’s above the only block rule there by comodo itself
The result is "It doesn’t work."Still they can’t use my printer in the block all incoming connections mode.
Neither did I see any log to prove the rule I made is fired.
Then I have some pics to show in the “Alert me to incoming connections"mode.
Pic1:After I allowed the alert,comodo made these two rules itself.my printer can be shared.
Pic2:The log shows it blocked many UDP incoming connections from port 137,but there’s no problem with printer sharing as long as I’m in the"Alert me…mode”.
Pic3:I changed the allowed rules made by comodo in pic1 to Ask,then these are showed in the log.
So I have got 2 conclusions:
1.It’s not necessarily to allow incoming UDP through port 137 for printer sharing.
2.There are other rules need to add.
System is a Dell Vostro 400 with 3GB. After installing CFP, I can no longer complete a print job nor can I delete the 99% priinted message from the queue. It’s like an EOF doesn’t get through. Of course, nothing after it will print because the queue is blocked. It’s a Dell AIO 926 (shared printer on USA port) and I can delete the printer with a Dell utility that also kills the queue, and reinstall it - but that’s a PITA, especially 20 times a day. I can’t be the only kids on the block with this problem, but I sure can’t find the solution here. It worked fine for over 2 years and just started this when I installed CFP. I am otherwise really happy with CFP. Any ideas?.
