Why no incoming connection alert?

I’ve a Win8.1 computer that I haven’t connected to a network yet. I’ve got Comodo Firewall v6.3 on it (latest as of today).

I start a small server on it, then connect to it with the Windows telnet client. Comodo Firewall gives me the prompts for telnet.exe initiating a connection, but when I allow that I expect to see a similar one that the server would like to accept a connection, but I don’t. It just auto-happens. This is exactly the same behavior I was seeing from Outpost firewall.

Do the hooks Microsoft provide firewall vendors not let them see these incoming, internal connections? Is Comodo just helping me out here by auto-allowing it? I’ve flipped every “alert me frequently and verbosely” switch and disabled every “allow” rule I can find.

Here’s a 35 second video of me demo’ing this.
I show the very short rule list:

  • everything’s blocked
  • except for my client (PuTTY) which has an allow-out rule
  • my server (Proxomitron) has no rule at all

And then I show PuTTY connecting to Proxomitron with no questions asked.
I’ve set all the other settings I can find to “block/ask”. I’d be happy to provide screenshots of anything in particular.

Could you give a screenshot of your Firewall Settings and global rules?

Also, let's clarify some things. When you send outgoing traffic and you receive responses from a server, that response is not the same as inbound connections. For example, all a browser needs is access to outgoing connections, because the server is allowed to send responses to your outgoing traffic; hence you are allowed to download the webpages and view them with only outgoing connections allowed.
Inbound connections are connections that initiate from another server/computer, i.e., not a response to something you asked for.

Edit: Never mind, I think I understand what you mean now. You have both the client and server on the same computer, and hence the client is making an outbound connection, but to the server that is an inbound connection, so the client should trigger CIS to ask for outbound (unless you have it allowed, which you do) and the server should trigger CIS to ask for inbound?

Exactly!

After a connection’s made, traffic goes in both directions.

But to this single computer running both the client and the server, I’d expect a firewall to prompt twice - once for the outgoing client and then, a nanosecond later, for the server as the packet from the client comes in.

I’ll post screenshots of the other settings in a few hours.

In the meantime, I’ve just noticed this same behavior on the Win7 PC I’ve been using for years! Maybe incoming connections from localhost to localhost are always allowed. I wonder if that’s a design decision or a limitation of the API firewall vendors have to work with? I definitely get the “incoming connection alert” when another computer tries to access that proxy server.

Advanced Firewall Settings screenshot

Global Rules screenshot

Interesting.

Try enabling Filter loopback traffic. Do you now get alerted?