See :- http://i876.photobucket.com/albums/ab327/johnbull17/Firewall.jpg This is from my recently installed Comodo IS-V4. These blocked identical events occur every few seconds - there are hundreds of them in a session. Surely it cannot be normal traffic ? Can somebody please explain what they mean and tell me precisely how to get rid of them ? I do not know how to configure Comodo to stop them. Is it some kind of Loop-back problem ? Thank you folks John Bull
I have read the link :- http://www.linklogger.com/UDP67_68.htm posted by Mvario and it is very educational. But I still do not know how to stop this Comodo firewall from eventing the UDP shown on my example every few seconds. Recap :- http://i876.photobucket.com/albums/ab327/johnbull17/Firewall.jpg I have entered this Loopback :- http://i876.photobucket.com/albums/ab327/johnbull17/NetworkZone.jpg BUT, it makes no difference, the damned thing just keeps plodding on with it`s eventing. Can anybody please tell me what to do in order to stop this firewall obsession with the 255 thingy ? Not interested in the theory, just what to do to stop it. Put my finger on the trigger and I`ll pull it. John Bull
Sorry, I don't have any experience with Comodo firewall so I can't give you any advice on how to have it stop logging or ignore bootp stuff. Have you tried asking on the Comodo forums?
PROBLEM SOLVED Thanks to mvario for this link :- http://www.linklogger.com/UDP67_68.htm plus a good look at the Comodo HELP guide and a couple of strong beers, I have solved this DHCP, UDP ports 67 & 68 problem that has been pinging my firewall every few seconds and generating a mammoth log. To me, Comodo Firewall Pro Free is the best firewall on the market by a very long shot. I would never consider any other firewall unless I was forced to. Comodo is not for the faint hearted, it is versatile, comprehensive and requires a reasonable technical knowledge plus a good amount of PC experience. It is not for dear old Granny who only uses the PC for shopping online at the local supermarket. Now for the solution :- Problem was :- http://i876.photobucket.com/albums/ab327/johnbull17/Firewall.jpg Solution is :- COMODO>My Network Zones, you get :- http://i876.photobucket.com/albums/ab327/johnbull17/NetworkZone100.jpg This shows My Network Zones with the required Network Zone added i.e the offending firewall log. To enter this Network, go to Add>A New Network Zone - a small panel asks for a Network name - give it one, you can call it what you like - a chose Loopback. You then get a panel asking for the address details :- http://i876.photobucket.com/albums/ab327/johnbull17/NetworkZone300.jpg Enter the offending firewall details as shown. Now the Network Zone has to be "trusted". Firewall>Stealth Ports Wizard. You get this :- http://i876.photobucket.com/albums/ab327/johnbull17/StealthPorts.jpg Select item 1. Panel :- http://i876.photobucket.com/albums/ab327/johnbull17/NetworkZone200.jpg comes up. Item 1 plus drop down Network Zone tab and the offending firewall ping log is now "trusted", APPLY and it will not be logged again. This procedure can be used for any "trusted" firewall network that you do not want logged. No limit to the Networks added. Get behind me Satan. Gee, life is now so sweet. John Bull
Following your parable, you have got annoyed with Satan knocking on the door, so have opened it, allowed him/her in and given him/her coffee and cake. The first screen grab you show, shows blocked DHCP broadcasts, you have then not only allowed those broadcasts but also allowed any/all other traffic to/from that IP. If then, for example, you find your logs are filling from scans from some specific IP, what would you do?. If you follow your own direction (as with these broadcasts) would you set that IP as trusted? - Stem
Looks fine to me so far Stem. Maybe I have exorcised Satan, at least I do not have those pings polluting my firewall events every few seconds. As far as other pings are concerned, I do not intend to trust any of them, so the firewall can clobber them all, but this DHCP crap is nothing but a pain in the butt. My firewall events are great now, just recording what is necessary. Ain`t life grand ? John Bull
Well John, I still do not understand why you would allow what was previously blocked just to stop the event being logged. They are now actually being allowed onto the IP stack. - Stem