Windows Operating System blocked IN connection protocol ARP

Hello,

In the CIS 12.0.0.6818 firewall I have an app (the terminal application PuTTY, which connects to a remote SSH server on port 22) with internet activity allowed (“Outgoing only” ruleset).
But the app is unable to connect to 192.168.1.7 unless I disable Comodo Firewall. The log entry I see during the blocked time is:

Windows Operating System incoming connection protocol ARP blocked.

In the Global Rules of the firewall I have an ALLOW rule for my LAN IP range IN/OUT, protocol “IP”. But I do not see an ARP protocol choice there.
Creating a rule for protocol TCP/UDP did not help. I have not found any other blocked log entry for the IP I want to connect to. I tried to enable logging for the last blocking entry in the chain, as seen on the image below:

In the firewall settings, Anti-ARP spoofing is enabled (I would bet it should stay like that?) and IPv6 traffic is filtered (I do not have IPv6 internet).

UPDATE: when I unticked the firewall configuration option “Enable anti-ARP spoofing” (by default it is unticked), it started working. But I am wondering if I can keep it enabled and allow the mentioned connectivity somehow? This is a rather trusted small “home” LAN with several computers.

There is nothing you can do other than disable the anti-ARP spoofing setting. Before version 6.x you could choose which types of ARP packets you wanted to block, but now it blocks all types, which causes this issue. What you are seeing is the firewall blocking gratuitous ARP packets, which you used to be able to allow while still blocking spoofed ARP packets.

So if GARP is always blocked, you will have issues with VRRP and other similar HA protocols that “announce” the new gateway MAC with a GARP?

Yes, and any incoming packets with a different MAC address than the one your system made the request towards will also be blocked.

Thanks, I disabled the anti-spoofing just in case then :)
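
The distinction drawn in the replies above, as an added example (not from any poster and not Comodo's code): it parses Ethernet/IPv4 ARP payloads, marks gratuitous ARP (sender IP equal to target IP), and reports when an IP is announced with a different MAC than the one first seen, which is how both an HA failover and a spoofed announcement appear on the wire. The `ArpMonitor` class, the 192.168.1.1 gateway address and all MAC addresses are assumptions constructed for the example.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def build_arp(oper, sha, spa, tha, tpa):
    """Build a constructed Ethernet/IPv4 ARP payload for the samples below."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, mac(sha),
                       socket.inet_aton(spa), mac(tha), socket.inet_aton(tpa))

def parse_arp(payload):
    """Decode the 28-byte ARP payload that follows the Ethernet header."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"oper": oper, "sha": sha.hex(":"), "spa": socket.inet_ntoa(spa),
            "tpa": socket.inet_ntoa(tpa)}

class ArpMonitor:
    """Hypothetical monitor: remembers the first MAC seen for each IP."""
    def __init__(self):
        self.bindings = {}

    def classify(self, payload):
        p = parse_arp(payload)
        # Gratuitous ARP: the sender announces its own address (SPA == TPA).
        if p["spa"] == p["tpa"]:
            kind = "gratuitous"
        else:
            kind = "request" if p["oper"] == 1 else "reply"
        # Keep the first binding so a later change keeps being reported.
        known = self.bindings.setdefault(p["spa"], p["sha"])
        verdict = "consistent" if known == p["sha"] else "mac-changed"
        return kind, verdict

# Constructed sample traffic; addresses and MACs are made up for illustration.
GW, HOST = "192.168.1.1", "192.168.1.7"
SAMPLES = [
    build_arp(2, "02:00:00:00:00:01", GW, "02:00:00:00:00:aa", "192.168.1.50"),
    build_arp(1, "02:00:00:00:00:07", HOST, "00:00:00:00:00:00", HOST),
    build_arp(1, "02:00:00:00:00:02", GW, "00:00:00:00:00:00", GW),
]

def run_samples():
    monitor = ArpMonitor()
    return [monitor.classify(s) for s in SAMPLES]
```

The third sample is a gratuitous announcement for the gateway IP from a new MAC; the payload alone does not say whether that is a legitimate failover or a spoof, so a `mac-changed` result is a prompt to check against known HA peers.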