Stealth Ports and Firewall Custom Ruleset [Resolved]

Hi,

If I’m using the stealth ports (alert incoming connections) option from the firewall tasks and the firewall rules are set to custom level (with the alert frequency level set to medium or high), do I need them both? What’s the difference between them? With the firewall custom ruleset I’m also getting an alert for every incoming and outgoing connection.
With the stealth ports option on (alert incoming connections) I see one new rule in the global rules and it’s about ICMPv6. Is this important if I don’t use IPv6 traffic? And if I allowed incoming connections for some application under the firewall application rules with custom ruleset (before I turned on the stealth ports option), will I receive new messages in the future about incoming connections for that application with the stealth ports option turned on?

And I’m not talking about the stealth ports option in general. I don’t need to block all incoming connections, so I’m not talking about the stealth ports option “Block incoming connections”, just about “Alert incoming connections”.

I’m using CIS 8.4.0.5165.

Can someone clarify this for me? Thanks in advance.

When the firewall is set to safe mode and alert incoming connections, you will only receive alerts for incoming connections for applications that are not rated as trusted. To receive alerts for all applications, set the firewall to custom ruleset, and of course make sure the applications in question do not have a block or allow rule for incoming connections.

With stealth ports option on (alert incoming connections) I see one new rule in the global rules and it's about ICMPv6. Is this important if I don't use IPv6 traffic?
That extra global rule for ICMPv6 only appears when you have enabled filter IPv6 traffic and then set alert incoming connections. If you do not use IPv6, whether native or by the use of tunneling or encapsulation, then you don't "need" that rule, but it doesn't affect anything if you have it. It just blocks incoming ICMPv6 echo requests, just like the ICMP block echo requests global rule.
And if I allowed incoming connections for some application under the firewall application rules with custom ruleset (before I turned on the stealth ports option), will I receive new messages in the future about incoming connections for that application with the stealth ports option turned on?
It depends on what the allow rule is configured for incoming for that application and what the firewall frequency level is set to. E.g. if the frequency level is set to high and the allow incoming rule is set for TCP for any destination ports, then you would get alerts for every incoming UDP connection for each UDP destination port.

Thank you very much for the answer, futuretech.
So, existing firewall application rules under custom ruleset which I set before I turned on the stealth ports option are in prime position, and the stealth ports option is covering everything else or anything new.

Basically, I only need incoming connections for utorrent. I want to create a Predefined Firewall Policy for utorrent as written in this guide: Enabling File Sharing Applications like BitTorrent and Emule, Comodo Firewall | Internet Security v5.9/5.10

But I see that then I will need to disable the option “Do Protocol analysis”. What would I lose with that, and what does the “Do Protocol analysis” option really do? Is that really necessary for my PC network protection, more than blocking IP protocol for utorrent and protecting privileged ports when I’m using it?

So, existing firewall application rules under custom ruleset which I set before I turned on the stealth ports option are in prime position, and the stealth ports option is covering everything else or anything new.
Yes, it should alert for any incoming or outgoing connections that don't have rules in place to deal with such connection requests.
But I see that then I will need to disable the option "Do Protocol analysis". What would I lose with that, and what does the "Do Protocol analysis" option really do? Is that really necessary for my PC network protection, more than blocking IP protocol for utorrent and protecting privileged ports when I'm using it?
I don't think it is necessary to disable protocol analysis, and I have never had issues with it being enabled when using P2P applications.
Basically, I only need incoming connections for utorrent. I want to create a Predefined Firewall Policy for utorrent as written in this guide: https://help.comodo.com/topic-72-1-284-3069-Enabling-File-Sharing-Applications-like-BitTorrent-and-Emule.html
Honestly, that guide makes it more complex than necessary, and I would just make two simple yet effective rules:
1. Allow In TCP/UDP, Source address any, Source port any, Destination address any, Destination port = port set in utorrent.
2. Allow Out IP, Source address any, Source port any, Destination address any, Destination port any.
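
The rule matching discussed in this thread, as an added example that is not part of any post and is not Comodo's code: a simplified first-match model (the evaluation order is an assumption) of one application's rule list under Custom Ruleset, where a connection that no rule matches produces an alert. The port numbers and all names are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    direction: str                   # "in" or "out"
    protocols: frozenset             # {"ip"} stands for any IP protocol
    dst_port: Optional[int] = None   # None = any destination port

    def matches(self, direction, protocol, dst_port):
        if direction != self.direction:
            return False
        if "ip" not in self.protocols and protocol not in self.protocols:
            return False
        return self.dst_port is None or self.dst_port == dst_port

def decide(rules, direction, protocol, dst_port):
    """First matching rule decides; no match means the user gets an alert."""
    for rule in rules:
        if rule.matches(direction, protocol, dst_port):
            return rule.action
    return "alert"

TORRENT_PORT = 51413  # constructed; use the listening port set in utorrent

# The two rules suggested in the reply above.
two_rules = [
    Rule("allow", "in", frozenset({"tcp", "udp"}), TORRENT_PORT),
    Rule("allow", "out", frozenset({"ip"})),
]

# The earlier case: allow-in for TCP only, any destination port.
tcp_only = [Rule("allow", "in", frozenset({"tcp"}))]

# Constructed sample connections: (direction, protocol, destination port).
CASES = [
    ("in", "tcp", TORRENT_PORT),
    ("in", "udp", TORRENT_PORT),
    ("in", "tcp", 8080),
    ("out", "udp", 53),
]

def summary(rules):
    """Map each sample connection to allow, block or alert."""
    return {case: decide(rules, *case) for case in CASES}

if __name__ == "__main__":
    for name, rules in (("two_rules", two_rules), ("tcp_only", tcp_only)):
        for case, verdict in summary(rules).items():
            print(name, case, "->", verdict)
```

With the two rules, only inbound traffic to a port other than the utorrent port still alerts; with the TCP-only rule, inbound UDP and all outbound traffic alert.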

Well, that really seems much easier and more logical. I will do that and also keep the “Do Protocol analysis” option ticked.

Thank you very much for your help, futuretech.