Stealth Ports Wizard [HELP]

Have just installed the latest version. It was a clean install. I am not sharing (single
desktop 'puter behind router), so I don’t really need to define a new trusted network.
However, the Stealth Ports Wizard, does not remember my selection ‘Block all incoming
connections - stealth my ports to everyone’. The wizard insists on: ‘Define new trusted
network - stealth my ports to everyone else’. Why is this ?
(BTW all ports are stealth anyway per Shields Up test bypassing router).


Don’t know if I am right, but you have to allow communication with the router.
Thats why you need to have a trusted network.,, are not routed by default and are always reserved for intranet.
So you need to make sure you are on the same segment with the router and make it a trusted zone.

Spot on. The connection between the PC and the router is classed as a network, and you will need to allow traffic between the devices on this segement.

Ewen :slight_smile:

Yes, but I don’t think it is necessary. The network zone is listed under My Network
Zones … (Marvell Yukon Gigabit ethernet controller etc… IP In xxx etc…).
Everything is stealthed (with router bypassed and using plain dial-up).
So I am just wondering whether it is advisable to nevertheless define
a trusted network - I suppose then the Wizard would be amenable
to remembering ‘Block all incoming connections - stealth my ports to
everyone’ ?

Otherwise NICE effort (and appreciated) by Comodo.

PS. ( With my linux Ubuntu I don’t have to worry about any of this stuff. ;D but I also use XP
and there I am very pleased with Comodo)

You can also make allow all IP trafic in/out to the router IP (without ICMP echos).
It is same as defining it as a trusted zone.

I think there is a problem with the Stealth Wizard. It should remember
when ticking ‘Block all incoming …’ whether or not the network is trusted.
Also size of log file is not remembered.
Updated to version - still the same.

Why should it remember if the network is trusted? You should define that yourself.

mine doesn’t remember either. that is the one flaw that has been consistent through all versions


Stealth Wizard is a rule generator and not integral part of the engine.
You should generate rules by yourself for maximum flexibility.

Anyway the stealth wizard generates the right rule for me. Even though everytime I start it it doesn’t remember what option I selected the last time, everytime it refreshes my global rules.

either way, it must be a bug though

It is not a bug, it is just a wizard that configures your network policies for you.

Take a look at Firewall > Advanced > Network Security Policy > Global Rules (:WIN)

They just forgot to say on the wizard where its configs were going to (:NRD)

i’m saying if you click anything other than define new network it doesn’t stick. it just goes back to the define new network radio button

And I’m telling you, Stealth Ports Wizard is not meant to store config. It always opens the same way.

The configs it does you can see at Firewall > Advanced > Network Security Policy > Global Rules. It is just a wizard.

ok. not on my machine anyway. nothing in global rules that i didn’t put there manually. i say it’s a bug

yeah if global rules is not changing, it must be a bug :frowning:

isn’t the point of a wizard to make it easier to set something up anyway. if you block all ports, shouldn’t it block all ports and remember? then if you want to unblock all ports shouldn’t it unblock them for you? what’s the point if you have to do it manually in global rules?

In the interim, there is a single click workaround to allow you to switch between allowing traffic and blocking all traffic, but it does mean you’ll have to get your hands a little dirty to set it up, but you only have to get dirty once. :wink:

In the global rules, set up an ALLOW rule for IP with a direction of IN/OUT, source and destination addresses set to a range that covers your LAN (including your router), source and destination ports set to ANY. Make sure this rule is at the top of your list and the only other rule is the catch-all block rule which must be at the bottom of the list. You should only have two rules at this stage.

Once this is done, create another rule with EXACTLY the same options as above, but in this second rule, select the EXCLUDE option (you’ll see why this is needed shortly). This second rule blocks all traffic EXCEPT to/from your LAN. Move this rule to the top of the list, above the rule we initially created. you should now have three rules.

Edit the first rule we created (which is now the second rule in the list) and select the EXCLUDE option, so that rules 1 and 2 are now exactly alike.

Edit the first rule we created (which is now the second rule in the list) and deselect the EXCLUDE option, so that rules 1 and 2 are now as they were initially set up.

Not the most elegant solution and someone will undoubtedly come along a poke a bloody great hole in my theory, but this should work. :wink:

Hope this helps,
Ewen :slight_smile: