Thanks a LOT! Those links are informative. Also somewhat confusing since they're of the learning thread variety.
I'm bothered by possible, not sure if real, issue of a different meaning of source depending on direction.
Still, I do know what I need to do there, and at this point find it extreemly frustrating and difficult and while it was interesting to trial it, that is not a firewall for me no matter how great people think it is (it probably is, somehow and I just don't see it yet).
Example:Let's say I want to run update for an anti virus application.
Comodo issues first alertAntivirus updates is trying to connect to the Internet
Remote IP x.x.x.x Port: http - TCP
Correct. As it should be. It's the complete truth of what's going on.
So I answer: Allow and Remember my answer for this application.I expect to see a rule for application yyy.exe to beDestination x.x.x.x
and NO OTHER, unless I want to allow few other serversPort for destination: 80
and NO OTHER in this instance (though I can add few safe ports later)Protocol: TCP, out
(this I, too can modify later if UDP is needed, if in and out is needed etc)
I also expect that the source is the local zone, any port within say 1020-??? range that AV decides to use.Instead, I get settings whic are too wide open:Destination [Any]
<-- wrong, last thing I need is my AV updater going out to who knows where!Port [Any]
<-- wrongProtocol TCP/UDP Out
<-- wrong, there wasn't a word about UDP yet in that one alert (there will be later, but I don't want Comodo to make any such assumptions)
Nah, that just won't do
. If the AV application gets hacked, it'll be able to go out all over the internet to the various sites of crime and spyware. Allowing any port, permits trojan hijackers to take over my computer and talk on any port they want. Over my dead body.
So now I have to go to the rules and edit the heck out of them, while Comodo is sitting there laughing at me, since Comodo already knew the x.x.x.x address of the destination as well as the port (80) and DID NOT FILL IT IN for me
where I could just edit small items.
So there. That's my problem. That of the need to edit so much for every application
that needs to go out. If I don't find a painless way to use it, it's just much too difficult and tedious to manage.
Now, on to the literature, worth reading
which I do over and over to learn
This one is a bible of sorts for me "Customizing firewall rules
all four installments. Few syntactic quirks might be for Norton, it doesn't matter. Universal concepts are there.
Post #2 in http://www.wilderssecurity.com/showthread....9711#post809711
addresses the specifics for post #1. That's the sort of thing I have in mind for various Windows applications, particularily svchost.
Edited by tos226, 27 November 2007 - 10:00 PM.