I have just finished reading the entire Comodo v6 manual and setting up my firewall.
There are two problems/questions for which I kindly ask your help
I have setup my network trusted zone as 192.168.1.1-255.255.255.0
Should I set it instead as 192.168.1.0-255.255.255.0? Does this make an important difference or not?
Even though the trusted zone is 192.168.1.1-255.255.255.0, I am occasionally getting an alert that svchost is trying to receive an incoming connection from remote computer 192.168.1.1. Why the heck is 192.168.1.1 considered a remote computer since it is already in the trusted zone? For the record, I have tried both “block incoming connections” and “alert incoming connections” options in the stealth ports option.
I am not sure what you mean by trusted zone, I haven’t heard that term in my time with CIS, perhaps you can link the manual page in question?
The way I have it set up is a network zone called “Home” with the IP address 192.168.0.0 / 255.255.0.0, I then have a global rule on the top that states "Allow IP In/Out From In [Home] To In [Home] Where Protocol Is Any.
Honestly I’m not sure, I’ve noticed that CIS doesn’t play 100% nice when using subnets but I wasn’t sure if that was only for me or not (because I am fairly certain my configuration is somewhat corrupted) For example when using 192.168.0.0 with the subnet mask of 255.255.254.0 that should detail 192.168.0.0 to 192.168.1.255 but instead CIS alerted me for pretty much every connection on these IP addresses, changing it to what I detailed in my other post fixed it for me.
I guess it could be a specific ask rule for svchost.exe that does this, you could try checking that but I’m not sure an application ask rule would have a higher priority than a global allow rule…
Unless anyone malicious is on the IP-addresses you’ve specified (I don’t really know enough about IPv6 to tell if that is a private or public address) i.e infiltrated your network, then there should be no issues… I think.
You’ll have to bear with me because as nothing on my PC requires incoming connections, I just block all incoming connections.
Through my eyes, it seems to be working as it should. You have a rule set in the ‘Global Rules’ to allow incoming requests from your router (192.168.1.1), which it is doing. Then the alert that comes up is an ‘Application Rule’ alert for svchost.exe asking if you want to allow the incoming request. If you look at the diagram at the following link, you can see how the traffic flows for incoming and outgoing requests (I.E. Incoming connections go through ‘Global Rules’ first, then ‘Application Rules’):
If the global rule was set to not allow incoming requests, then svchost would be none the wiser, as the connection request would be blocked by Comodo before it reached it and so you wouldn’t receive the alert. So from what I can see, the rules are doing what they’re set to do, but what you need to decide is whether you want to allow incoming connections and what for, then set the application rules for svchost accordingly.
If there is nothing that needs to make an incoming connection to your computer (such as for file sharing, etc.), then I’d personally block all incoming connections. When you set ‘Stealth Ports’ to “Block Incoming Connections” it should change the global rules so that it blocks all incoming connections (except Fragmentation Needed & Time Exceeded ICMP messages). However, as you said that it still happens when you done this, try it again and then look at the global rules to see what stealth ports sets it to. In the below screenshot are my global rules after setting Stealth Ports wizard to “Block Incoming Connections”.
Also, in answer to your first question, whether you use 192.168.1.0 or 192.168.1.1 with the subnet mask of 255.255.255.0, it shouldn’t make a difference.
Thank you Sanya IV Litvyak and Anabna for your answers.
Anabna the way you explained it now makes sense to me.
I do not want to disable incoming connections as I have file sharing and other communications setup between my lan computers so I need them to accept incoming connections.
The question then becomes what rules to give to svchost. I am hoping the rule I gave it will be ok as long as I dont have any infections in my LAN. From what I read in other posts in this forum, setting up correct permission for svchost is a big problem for many people.
