> Comodo Firewall 2.4 - Need Advice About Rules
tos226
post Nov 25 2007, 08:51 PM
Post #1


Distinguished Member
*****

Group: Members
Posts: 980
Joined: 21-October 04
Member No.: 3,911



Comodo firewall is supposed to be a really hot item. So I tried it. I'm not sure it does what I want which is not meant to discourage anyone from trying it. The interface is nice.

When I click on some alert, there is normally listed destination IP and port. But when I tell Comodo to remember the rule, it ends up as
source: Any IP:Any Port
destination:Any IP:Any Port

That's not what I have in mind, when say I want Comodo FW to remember that I answered, for instance
source:local host, port 53, and destination: Some DNS IP, port 53, just as an example.
All I see is this 'any to any' entry which is just too wide open to hacks.

In Kerio 2.1.5 all I have to change on alert is permit some local host ports, possibly destination as well, but basically rule tweaking takes seconds.

I keep going through the PDF instructions and just can't find how to do it.
What am I missing?
Crizz44
post Nov 25 2007, 11:24 PM
Post #2


Senior Member
****

Group: Members
Posts: 453
Joined: 13-August 05
From: Virginia
Member No.: 30,967



I have found these 2 explanations that may help you. Personally I am still confused with it all, but maybe you will catch on better than I have. I will look over it some more and maybe I will get it.

http://forums.comodo.com/frequently_asked_...ly-t1102.0.html



http://forums.comodo.com/frequently_asked_...ly-t1125.0.html
tos226
post Nov 27 2007, 09:54 PM
Post #3


Distinguished Member
*****

Group: Members
Posts: 980
Joined: 21-October 04
Member No.: 3,911



Crizz44,
Thanks a LOT! Those links are informative. Also somewhat confusing since they're of the learning thread variety.
I'm bothered by possible, not sure if real, issue of a different meaning of source depending on direction.
Still, I do know what I need to do there, and at this point find it extremely frustrating and difficult and while it was interesting to trial it, that is not a firewall for me no matter how great people think it is (it probably is, somehow and I just don't see it yet).

Example:
Let's say I want to run update for an anti virus application.
Comodo issues first alert
Antivirus updates is trying to connect to the Internet
Application yyy.exe
Remote IP x.x.x.x Port: http - TCP
Parent zzz.exe

Correct. As it should be. It's the complete truth of what's going on.

So I answer: Allow and Remember my answer for this application.

I expect to see a rule for application yyy.exe to be
Destination x.x.x.x and NO OTHER, unless I want to allow few other servers
Port for destination: 80 and NO OTHER in this instance (though I can add few safe ports later)
Protocol: TCP, out (this I, too can modify later if UDP is needed, if in and out is needed etc)
I also expect that the source is the local zone, any port within say 1020-??? range that AV decides to use.

Instead, I get settings which are too wide open:
Destination [Any] <-- wrong, last thing I need is my AV updater going out to who knows where!
Port [Any] <-- wrong
Protocol TCP/UDP Out <-- wrong, there wasn't a word about UDP yet in that one alert (there will be later, but I don't want Comodo to make any such assumptions)

Nah, that just won't do. If the AV application gets hacked, it'll be able to go out all over the internet to the various sites of crime and spyware. Allowing any port, permits trojan hijackers to take over my computer and talk on any port they want. Over my dead body.

So now I have to go to the rules and edit the heck out of them, while Comodo is sitting there laughing at me, since Comodo already knew the x.x.x.x address of the destination as well as the port (80) and DID NOT FILL IT IN for me where I could just edit small items.

So there. That's my problem. That of the need to edit so much for every application that needs to go out. If I don't find a painless way to use it, it's just much too difficult and tedious to manage.

Now, on to the literature, worth reading which I do over and over to learn :)
This one is a bible of sorts for me "Customizing firewall rules"
http://www.wilderssecurity.com/showthread.php?t=24415
all four installments. Few syntactic quirks might be for Norton, it doesn't matter. Universal concepts are there.

Post #2 in http://www.wilderssecurity.com/showthread....9711#post809711 addresses the specifics for post #1. That's the sort of thing I have in mind for various Windows applications, particularly svchost.

This post has been edited by tos226: Nov 27 2007, 10:00 PM
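
An added example (not part of the original posts, and not Comodo's rule format): a small Python model of the comparison described in post #3, deriving the tightest rule from what the alert reported and listing every field where the remembered rule is wider. The `Rule` class, the field names and the documentation-range IP addresses standing in for x.x.x.x are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

ANY_NET = ipaddress.ip_network("0.0.0.0/0")
ANY_PORTS = range(0, 65536)

@dataclass(frozen=True)
class Rule:                      # hypothetical model, not Comodo's rule format
    app: str
    protocols: frozenset         # subset of {"TCP", "UDP"}
    direction: str               # "out" or "in"
    dest: ipaddress.IPv4Network
    dest_ports: range

def rule_from_alert(alert):
    """Tightest rule that still permits exactly what the alert reported."""
    return Rule(alert["app"], frozenset({alert["proto"]}), alert["direction"],
                ipaddress.ip_network(alert["remote_ip"] + "/32"),
                range(alert["port"], alert["port"] + 1))

def permits(rule, conn):
    """True if the rule would let this connection through."""
    return (conn["app"] == rule.app and conn["proto"] in rule.protocols
            and conn["direction"] == rule.direction
            and ipaddress.ip_address(conn["remote_ip"]) in rule.dest
            and conn["port"] in rule.dest_ports)

def audit(rule, alert):
    """List every field where the stored rule is wider than the alert."""
    tight, findings = rule_from_alert(alert), []
    if rule.dest != tight.dest and tight.dest.subnet_of(rule.dest):
        findings.append(f"destination {rule.dest} wider than {tight.dest}")
    if len(rule.dest_ports) > len(tight.dest_ports):
        findings.append(f"{len(rule.dest_ports)} ports allowed, alert used {alert['port']}")
    extra = rule.protocols - tight.protocols
    if extra:
        findings.append("protocols not in alert: " + ",".join(sorted(extra)))
    return findings

# Constructed sample data: 203.0.113.10 stands in for the alert's x.x.x.x.
ALERT = {"app": "yyy.exe", "proto": "TCP", "direction": "out",
         "remote_ip": "203.0.113.10", "port": 80}
REMEMBERED = Rule("yyy.exe", frozenset({"TCP", "UDP"}), "out", ANY_NET, ANY_PORTS)
# A connection the alert never mentioned (other host, other port, UDP).
OTHER = {"app": "yyy.exe", "proto": "UDP", "direction": "out",
         "remote_ip": "198.51.100.7", "port": 53}

if __name__ == "__main__":
    for finding in audit(REMEMBERED, ALERT):
        print("too broad:", finding)
    print("remembered rule permits OTHER:", permits(REMEMBERED, OTHER))
    print("tight rule permits OTHER:", permits(rule_from_alert(ALERT), OTHER))
```
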
Crizz44
post Nov 27 2007, 10:27 PM
Post #4


Senior Member
****

Group: Members
Posts: 453
Joined: 13-August 05
From: Virginia
Member No.: 30,967



Thank you for the links. Looks like some great information there.