Stealth Ports Wizard [HELP]

Have just installed the latest version. It was a clean install. I am not sharing (single
desktop 'puter behind router), so I don’t really need to define a new trusted network.
However, the Stealth Ports Wizard does not remember my selection ‘Block all incoming
connections - stealth my ports to everyone’. The wizard insists on: ‘Define new trusted
network - stealth my ports to everyone else’. Why is this?
(BTW all ports are stealth anyway per Shields Up test bypassing router).

Regards.

Don’t know if I am right, but you have to allow communication with the router.
That’s why you need to have a trusted network.

10.0.0.0-10.255.255.255,
172.16.0.0-172.31.255.255,
192.168.0.0-192.168.255.255 are not routed by default and are always reserved for intranet.
So you need to make sure you are on the same segment with the router and make it a trusted zone.

Spot on. The connection between the PC and the router is classed as a network, and you will need to allow traffic between the devices on this segment.

Ewen :slight_smile:

Yes, but I don’t think it is necessary. The network zone is listed under My Network
Zones … (Marvell Yukon Gigabit ethernet controller etc… IP In xxx etc…).
Everything is stealthed (with router bypassed and using plain dial-up).
So I am just wondering whether it is advisable to nevertheless define
a trusted network - I suppose then the Wizard would be amenable
to remembering ‘Block all incoming connections - stealth my ports to
everyone’ ?

Otherwise NICE effort (and appreciated) by Comodo.

PS. ( With my linux Ubuntu I don’t have to worry about any of this stuff. ;D but I also use XP
and there I am very pleased with Comodo)

You can also allow all IP traffic in/out to the router IP (without ICMP echoes).
It is the same as defining it as a trusted zone.

I think there is a problem with the Stealth Wizard. It should remember
when ticking ‘Block all incoming …’ whether or not the network is trusted.
Also size of log file is not remembered.
Updated to version 3.0.13.268 - still the same.

Why should it remember if the network is trusted? You should define that yourself.

mine doesn’t remember either. that is the one flaw that has been consistent through all versions

kpc

Stealth Wizard is a rule generator and not integral part of the engine.
You should generate rules by yourself for maximum flexibility.

Anyway, the stealth wizard generates the right rule for me. Even though every time I start it, it doesn’t remember what option I selected the last time, every time it refreshes my global rules.

either way, it must be a bug though

It is not a bug, it is just a wizard that configures your network policies for you.

Take a look at Firewall > Advanced > Network Security Policy > Global Rules (:WIN)

They just forgot to say on the wizard where its configs were going to (:NRD)

i’m saying if you click anything other than define new network it doesn’t stick. it just goes back to the define new network radio button

And I’m telling you, Stealth Ports Wizard is not meant to store config. It always opens the same way.

The configs it does you can see at Firewall > Advanced > Network Security Policy > Global Rules. It is just a wizard.

ok. not on my machine anyway. nothing in global rules that i didn’t put there manually. i say it’s a bug

yeah if global rules is not changing, it must be a bug :frowning:

isn’t the point of a wizard to make it easier to set something up anyway. if you block all ports, shouldn’t it block all ports and remember? then if you want to unblock all ports shouldn’t it unblock them for you? what’s the point if you have to do it manually in global rules?

In the interim, there is a single click workaround to allow you to switch between allowing traffic and blocking all traffic, but it does mean you’ll have to get your hands a little dirty to set it up, but you only have to get dirty once. :wink:

WHAT NEEDS TO BE SET UP
In the global rules, set up an ALLOW rule for IP with a direction of IN/OUT, source and destination addresses set to a range that covers your LAN (including your router), source and destination ports set to ANY. Make sure this rule is at the top of your list and the only other rule is the catch-all block rule which must be at the bottom of the list. You should only have two rules at this stage.

Once this is done, create another rule with EXACTLY the same options as above, but in this second rule, select the EXCLUDE option (you’ll see why this is needed shortly). This second rule blocks all traffic EXCEPT to/from your LAN. Move this rule to the top of the list, above the rule we initially created. You should now have three rules.

TO BLOCK ALL TRAFFIC
Edit the first rule we created (which is now the second rule in the list) and select the EXCLUDE option, so that rules 1 and 2 are now exactly alike.

TO ALLOW TRAFFIC TO/FROM OUR LAN
Edit the first rule we created (which is now the second rule in the list) and deselect the EXCLUDE option, so that rules 1 and 2 are now as they were initially set up.

Not the most elegant solution and someone will undoubtedly come along and poke a bloody great hole in my theory, but this should work. :wink:

Hope this helps,
Ewen :slight_smile:
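
The three-rule toggle from the workaround above, modelled as an added example (not part of the original post and not Comodo's own code) so both states can be checked against sample traffic. It assumes first-match evaluation from the top of the list and that EXCLUDE negates the address match on both source and destination; the LAN range and all addresses are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed LAN range that covers the PC and the router.
LAN = ipaddress.ip_network("192.168.1.0/24")

@dataclass
class Rule:
    action: str                               # "ALLOW" or "BLOCK"
    net: Optional[ipaddress.IPv4Network]      # None means ANY address
    exclude: bool = False                     # assumed: negates the address match

    def matches(self, src: str, dst: str) -> bool:
        if self.net is None:
            return True
        def hit(addr: str) -> bool:
            inside = ipaddress.ip_address(addr) in self.net
            return not inside if self.exclude else inside
        # Source and destination are both set to the same range in the post.
        return hit(src) and hit(dst)

def build_rules(block_all: bool) -> list:
    return [
        Rule("ALLOW", LAN, exclude=True),       # rule 1: EXCLUDE always ticked
        Rule("ALLOW", LAN, exclude=block_all),  # rule 2: the one that is toggled
        Rule("BLOCK", None),                    # catch-all block at the bottom
    ]

def verdict(rules: list, src: str, dst: str) -> str:
    for rule in rules:                          # assumed: first match wins
        if rule.matches(src, dst):
            return rule.action
    return "BLOCK"

# Constructed sample packets as seen by a PC at 192.168.1.10.
SAMPLES = {
    "pc->router":   ("192.168.1.10", "192.168.1.1"),
    "router->pc":   ("192.168.1.1", "192.168.1.10"),
    "pc->internet": ("192.168.1.10", "203.0.113.5"),
    "internet->pc": ("203.0.113.5", "192.168.1.10"),
}

def evaluate(block_all: bool) -> dict:
    rules = build_rules(block_all)
    return {name: verdict(rules, s, d) for name, (s, d) in SAMPLES.items()}

if __name__ == "__main__":
    for state in (False, True):
        print("EXCLUDE on rule 2:", state, evaluate(state))
```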