Crizz44,
Thanks a LOT! Those links are informative. Also somewhat confusing since they're of the learning thread variety.
I'm bothered by possible, not sure if real, issue of a different meaning of source depending on direction.
Still, I do know what I need to do there, and at this point find it extremely frustrating and difficult and while it was interesting to trial it, that is not a firewall for me no matter how great people think it is (it probably is, somehow and I just don't see it yet).
Example:
Let's say I want to run update for an anti virus application.
Comodo issues first alert
Antivirus updates is trying to connect to the Internet
Application yyy.exe
Remote IP x.x.x.x Port: http - TCP
Parent zzz.exe
Correct. As it should be. It's the complete truth of what's going on.
So I answer:
Allow and Remember my answer for this application.
I expect to see a rule for application yyy.exe to be
Destination x.x.x.x and NO OTHER, unless I want to allow few other servers
Port for destination: 80 and NO OTHER in this instance (though I can add few safe ports later)
Protocol: TCP, out (this, too, I can modify later if UDP is needed, if in and out is needed etc)
I also expect that the source is the local zone, any port within say 1020-??? range that AV decides to use.
Instead, I get settings which are too wide open:
Destination [Any] <-- wrong, last thing I need is my AV updater going out to who knows where!
Port [Any] <-- wrong
Protocol TCP/UDP Out <-- wrong, there wasn't a word about UDP yet in that one alert (there will be later, but I don't want Comodo to make any such assumptions)
Nah, that just won't do. If the AV application gets hacked, it'll be able to go out all over the internet to the various sites of crime and spyware. Allowing any port permits trojan hijackers to take over my computer and talk on any port they want. Over my dead body.
So now I have to go to the rules and edit the heck out of them, while Comodo is sitting there laughing at me, since Comodo already knew the x.x.x.x address of the destination as well as the port (80) and DID NOT FILL IT IN for me where I could just edit small items.
So there. That's my problem. That of the need to edit so much for every application that needs to go out. If I don't find a painless way to use it, it's just much too difficult and tedious to manage.
Now, on to the literature, worth reading which I do over and over to learn

This one is a bible of sorts for me "Customizing firewall rules"
http://www.wilderssecurity.com/showthread.php?t=24415
all four installments. Few syntactic quirks might be for Norton, it doesn't matter. Universal concepts are there.
Post #2 in http://www.wilderssecurity.com/showthread....9711#post809711 addresses the specifics for post #1. That's the sort of thing I have in mind for various Windows applications, particularly svchost.
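
Added example, not part of the original post and not Comodo's own logic: a small Python check that compares a remembered rule with the alert that produced it and lists every field left wider than what the alert reported. The `Alert` and `Rule` structures, their field names and the address 192.0.2.10 (standing in for x.x.x.x) are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network

ANY = "any"  # stands for the "[Any]" value in the rule list


@dataclass(frozen=True)
class Alert:            # what the firewall reported (hypothetical structure)
    app: str
    remote_ip: str
    remote_port: int
    protocol: str       # "TCP" or "UDP"
    direction: str      # "out" or "in"


@dataclass(frozen=True)
class Rule:             # what was stored after "Allow and Remember" (hypothetical)
    app: str
    destination: str    # single address, CIDR block, or ANY
    ports: object       # (low, high) inclusive tuple, or ANY
    protocols: frozenset
    directions: frozenset


def narrowest_rule(alert):
    """Build the rule that permits exactly what the alert showed."""
    return Rule(alert.app, alert.remote_ip,
                (alert.remote_port, alert.remote_port),
                frozenset({alert.protocol}), frozenset({alert.direction}))


def excess_scope(alert, rule):
    """List the rule fields that are not limited to what the alert reported."""
    wide = []
    if (rule.destination == ANY or
            ip_network(rule.destination, strict=False) != ip_network(alert.remote_ip)):
        wide.append("destination")
    if rule.ports == ANY or rule.ports != (alert.remote_port, alert.remote_port):
        wide.append("port")
    if rule.protocols - {alert.protocol}:
        wide.append("protocol")
    if rule.directions - {alert.direction}:
        wide.append("direction")
    return wide


# Constructed sample data: 192.0.2.10 stands in for the post's x.x.x.x.
ALERT = Alert("yyy.exe", "192.0.2.10", 80, "TCP", "out")
REMEMBERED = Rule("yyy.exe", ANY, ANY, frozenset({"TCP", "UDP"}), frozenset({"out"}))

if __name__ == "__main__":
    print("remembered rule is too wide in:", excess_scope(ALERT, REMEMBERED))
    print("narrowest rule is too wide in:", excess_scope(ALERT, narrowest_rule(ALERT)))
```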