
Comodo Firewall 2.4 - Need Advice About Rules


3 replies to this topic

#1 tos226


Posted 25 November 2007 - 08:51 PM

Comodo firewall is supposed to be a really hot item. So I tried it. I'm not sure it does what I want which is not meant to discourage anyone from trying it. The interface is nice.

When I click on some alert, there is normally listed destination IP and port. But when I tell Comodo to remember the rule, it ends up as
source: Any IP:Any Port
destination:Any IP:Any Port

That's not what I have in mind, when say I want Comodo FW to remember that I answered, for instance
source: local host, port 53, and destination: Some DNS IP, port 53, just as an example.
All I see is this 'any to any' entry which is just too wide open to hacks.

In Kerio 2.1.5 all I have to change on alert is permit some local host ports, possibly destination as well, but basically rule tweaking takes seconds.

I keep going through the PDF instructions and just can't find how to do it.
What am I missing?



#2 Crizz44


Posted 25 November 2007 - 11:24 PM

I have found these 2 explanations that may help you. Personally I am still confused with it all, but maybe you will catch on better than I have. I will look over it some more and maybe I will get it.

http://forums.comodo.com/frequently_asked_...ly-t1102.0.html



http://forums.comodo.com/frequently_asked_...ly-t1125.0.html

#3 tos226


Posted 27 November 2007 - 09:54 PM

Crizz44,
Thanks a LOT! Those links are informative. Also somewhat confusing since they're of the learning thread variety.
I'm bothered by possible, not sure if real, issue of a different meaning of source depending on direction.
Still, I do know what I need to do there, and at this point find it extremely frustrating and difficult and while it was interesting to trial it, that is not a firewall for me no matter how great people think it is (it probably is, somehow and I just don't see it yet).

Example:
Let's say I want to run update for an anti virus application.
Comodo issues first alert
Antivirus updates is trying to connect to the Internet
Application yyy.exe
Remote IP x.x.x.x Port: http - TCP
Parent zzz.exe

Correct. As it should be. It's the complete truth of what's going on.

So I answer: Allow and Remember my answer for this application.

I expect to see a rule for application yyy.exe to be
Destination x.x.x.x and NO OTHER, unless I want to allow few other servers
Port for destination: 80 and NO OTHER in this instance (though I can add few safe ports later)
Protocol: TCP, out (this I, too can modify later if UDP is needed, if in and out is needed etc)
I also expect that the source is the local zone, any port within say 1020-??? range that AV decides to use.

Instead, I get settings which are too wide open:
Destination [Any] <-- wrong, last thing I need is my AV updater going out to who knows where!
Port [Any] <-- wrong
Protocol TCP/UDP Out <-- wrong, there wasn't a word about UDP yet in that one alert (there will be later, but I don't want Comodo to make any such assumptions)

Nah, that just won't do. If the AV application gets hacked, it'll be able to go out all over the internet to the various sites of crime and spyware. Allowing any port, permits trojan hijackers to take over my computer and talk on any port they want. Over my dead body.

So now I have to go to the rules and edit the heck out of them, while Comodo is sitting there laughing at me, since Comodo already knew the x.x.x.x address of the destination as well as the port (80) and DID NOT FILL IT IN for me where I could just edit small items.

So there. That's my problem. That of the need to edit so much for every application that needs to go out. If I don't find a painless way to use it, it's just much too difficult and tedious to manage.

Now, on to the literature, worth reading which I do over and over to learn :thumbsup:
This one is a bible of sorts for me "Customizing firewall rules"
http://www.wilderssecurity.com/showthread.php?t=24415
all four installments. Few syntactic quirks might be for Norton, it doesn't matter. Universal concepts are there.

Post #2 in http://www.wilderssecurity.com/showthread....9711#post809711 addresses the specifics for post #1. That's the sort of thing I have in mind for various Windows applications, particularly svchost.

Edited by tos226, 27 November 2007 - 10:00 PM.
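
Added example, not part of the thread and not Comodo's rule format: a small Python model of the two rules contrasted in post #3, showing what the alert-derived rule and the "Any/Any, TCP/UDP" rule each let through, plus an audit that flags the broad fields. The `Rule` class, the `ANY` marker, the field names and the sample addresses are assumptions made for illustration; the source-port range mentioned in the post is left out.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"  # hypothetical wildcard marker, not a Comodo value

@dataclass(frozen=True)
class Rule:
    app: str
    direction: str         # "out" or "in"
    protocols: frozenset   # e.g. frozenset({"tcp"})
    dest: str              # CIDR string, or ANY
    dest_ports: object     # range of ports, or ANY

    def permits(self, app, direction, proto, dest_ip, dest_port):
        """True if this rule would let the described connection through."""
        return (app == self.app and direction == self.direction
                and proto in self.protocols
                and (self.dest == ANY
                     or ip_address(dest_ip) in ip_network(self.dest))
                and (self.dest_ports == ANY or dest_port in self.dest_ports))

def rule_from_alert(alert):
    """Narrowest rule that still allows exactly what the alert reported."""
    port = alert["remote_port"]
    return Rule(alert["app"], alert["direction"], frozenset({alert["proto"]}),
                alert["remote_ip"] + "/32", range(port, port + 1))

def audit(rule):
    """List the ways a rule is broader than a single observed connection."""
    findings = []
    if rule.dest == ANY:
        findings.append("destination is Any")
    if rule.dest_ports == ANY:
        findings.append("destination port is Any")
    if len(rule.protocols) > 1:
        findings.append("more than one protocol allowed")
    return findings

# Constructed alert; 203.0.113.10 (documentation range) stands in for x.x.x.x.
ALERT = {"app": "yyy.exe", "direction": "out", "proto": "tcp",
         "remote_ip": "203.0.113.10", "remote_port": 80}
NARROW = rule_from_alert(ALERT)
WIDE = Rule("yyy.exe", "out", frozenset({"tcp", "udp"}), ANY, ANY)
# Constructed traffic: the real update, then two connections nobody approved.
for conn in [("yyy.exe", "out", "tcp", "203.0.113.10", 80),
             ("yyy.exe", "out", "tcp", "198.51.100.7", 6667),
             ("yyy.exe", "out", "udp", "198.51.100.7", 53)]:
    print(conn[2:], "narrow:", NARROW.permits(*conn), "wide:", WIDE.permits(*conn))
print("audit of wide rule:", audit(WIDE))
```
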


#4 Crizz44


Posted 27 November 2007 - 10:27 PM

Thank you for the links. Looks like some great information there.



