Rules Conflict with Inbound Connections?

I am trying to run a server with Comodo firewall installed, but it seems that Comodo blocks the SYN packets coming in from my router even though I allowed the application full inbound and outbound access. (Yes, I am using NAT, and the source of the SYN packets is my router’s IP address.)
Anyways, this is caused by the “block all” rule, whose purpose seems to be stealthing the whole system. If I delete this rule, Comodo starts to prompt me whether or not I want to allow certain of my programs to act as a server. These messages did not show up before when the block all rule was present.
The only way I could solve this issue is by either turning off the firewall or manually adding a TCP IN entry for the port I am using with my server.
Is this behavior designed this way or am I missing something here?
I am currently using the 2.3 beta.
Please advise.
Thanks! :smiley:

Hi Memo,

You will need to add the necessary network control rules. Network rules override application rules. This means even if you give full access to an application, if you don't add the necessary network rules, packets will be blocked.

Yes this is by design.

FYI, this “act as a server” behavior has changed significantly in the next beta release, which we are about to release.

Egemen

Thanks, Egemen, for your generous reply.
Would I be able to add “application rules” that allow applications to act as a server in the future, so that the user gets asked if they really want them to act as a server? I think a lot of gamers may experience problems with Comodo with the way this is set up, since most of them just click Allow on the popup prompts, not knowing that their inbound connections will be blocked.
Thanks.

Yes. This is a necessary feature. We will provide an option that lets an application that is willing to receive a connection open a port temporarily, during its lifetime. But since this will affect the invisibility of the user, users will need to select this option explicitly, in the popup and application rules.

Thank you for the feedback,
Egemen

Thank you very much! (B)

This will be a very nice feature! ;D

We can already make rules for that on Network Monitor, but every application can use them, so this will be more restrictive… :slight_smile:
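
The two-layer behaviour discussed in this thread, as an added example that is not part of the original posts and is not Comodo's code: a simplified model in which an inbound packet must pass the network rules before the application rule is consulted. First-match rule ordering, the application names and port 27015 are assumptions made for the illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass(frozen=True)
class NetRule:
    action: str               # "allow" or "block"
    direction: str            # "in", "out" or "any"
    proto: str                # "tcp", "udp" or "any"
    port: int | None = None   # None matches every destination port

    def matches(self, direction, proto, port):
        return (self.direction in ("any", direction)
                and self.proto in ("any", proto)
                and self.port in (None, port))

def network_verdict(rules, direction, proto, port):
    """Assumed first-match evaluation; no matching rule is treated as a block."""
    for rule in rules:
        if rule.matches(direction, proto, port):
            return rule.action
    return "block"

def inbound_allowed(net_rules, app_rules, app, proto, port):
    """A packet reaches the listener only if BOTH layers allow it."""
    if network_verdict(net_rules, "in", proto, port) != "allow":
        return False  # network layer wins; the application rule is never consulted
    return app_rules.get(app) == "allow"

BLOCK_ALL = NetRule("block", "any", "any")   # the "block all" rule from the thread
OUTBOUND = NetRule("allow", "out", "any")
APP_RULES = {"gameserver.exe": "allow"}      # constructed: full access for one app
PORT = 27015                                 # constructed server port

default_rules = [OUTBOUND, BLOCK_ALL]
# The workaround from the first post: a TCP IN entry for the server port,
# placed above the block-all rule. Note that it names no application.
fixed_rules = [NetRule("allow", "in", "tcp", PORT), OUTBOUND, BLOCK_ALL]

if __name__ == "__main__":
    for label, rules in (("default", default_rules), ("with TCP IN", fixed_rules)):
        for app in ("gameserver.exe", "other.exe"):
            print(f"{label:12} {app:15} "
                  f"network={network_verdict(rules, 'in', 'tcp', PORT):5} "
                  f"delivered={inbound_allowed(rules, APP_RULES, app, 'tcp', PORT)}")
```

Because the network rule carries no application field, the port stays open at that layer for whichever program listens on it, which is the gap the per-application option discussed above is meant to close.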