Comodo Firewall - Can this setup work?

Discussion in 'other firewalls' started by dja2k, Oct 10, 2006.

Thread Status:
Not open for further replies.
  1. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,440
    Location:
    Slovakia
    I do not have a router. I only know that a port for the p2p has to be forwarded in the router.

    I have specified TCP Out ports, because when I do not run Azureus, I disable its 3 rules.
    I have this rule in Network Monitor: TCP Out 25,80,88,110,443,554,1863,5050,5190,5222.

    25 - SMTP, 80 - browser, 88 - Azureus Beta is available from that port, 110 - POP3, 443 - SSL, 554 - Streaming, 1863 - MSN, 5050 - Yahoo, 5190 - AIM & ICQ, 5222 - Jabber & Google Talk.
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Re: Netbios in Comodo?

    UDP in/out ports 137/138 : TCP in/out port 139 (you could just set a rule to block in/out TCP/UDP ports 137-139)
     
  3. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    My port has always been forwarded to the router from the start; if not, all connections would be denied. So you got each of those other ports specifically from your application rules when you noticed what port they used. Thanks

    dja2k
     
  4. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    How about if I use this for the network rules and limit the rest in the application rules instead?
     

    Attached Files:

    Last edited: Oct 12, 2006
  5. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,440
    Location:
    Slovakia
    Yes, it could work. Network Monitor is something like a router, so CPF has "2 firewalls".
    Most people have application rules like: Application, Allow TCP/UDP In/Out, Port and IP Any.
    Setting up something properly gives a headache, but once you finish it, you will be proud.
    It took me a year to set up WinXP and a few weeks to set up Comodo, but I like it now.
     
  6. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Question for you, if a port gets blocked in my configuration, would I be notified about it somewhere so I can add it?

    dja2k
     
  7. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    3,440
    Location:
    Slovakia
    You have "Create an alert if this rule is fired" checked at the Block rule, so you will.
    You have to have allowed Log Events From Application & Network Monitor as well.
    You will see which port is being blocked & by which rule (Network Control Rule).
     
  8. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Re: Netbios in Comodo?

    Thanks Stem

    dja2k
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi dja2k,
    I was just looking at your network rules, should rule 3 not be TCP out? (for http) or are you using a server on this port?
     
  10. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Port 80 TCP out is covered by rule #4, which I copied from "TheTOM_SK", and I have TCP in because I saw hostsman server using it. Should I block it? Also Stem, now that you're here, if you don't mind, do you think I have rules #0 - #2 okay?
    dja2k
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    What is "hostsman server"?

    You should only allow inbound TCP for server software (such as P2P/torrent etc),.. your rule #4 which is allowing outbound to port 80, will allow the returned packets. So yes, you should remove this rule.

    I see you have 2 rules (0,1) for DNS,.. does rule 0 (IP range) cover rule 1?
    Rule 2, DHCP,... the IP 255.255.255.0,... this should be broadcast IP: 255.255.255.255,..
     
  12. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Hostsman server is an HTTP server to show which site got blocked by the host file. It made me do a rule in the application list for allow in TCP port 80 and that was the only reason I added it to the network rule.

    dja2k
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Have you a link to "Hostsman server"? (this may require inbound from localhost(127.0.0.1))
    No, you should not allow inbound TCP to local port 80 (from the internet); you do have protection due to your router,.. but if you were connected directly to the internet, you would come under attack very quickly on that local port.
     
  14. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Okay Stem, I already removed TCP in port 80 rule.

    dja2k
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    For your "Hostsman server", place an "application" rule to allow in TCP from remote IP 127.0.0.1 / out TCP to remote IP 127.0.0.1.. this will allow any localhost activity needed by the program.
     
  16. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Hey Stem, in my #0 and #1, I don't think I need #0 where I'm putting...

    Range 192.168.1.163 (Static IP) - 255.255.255.255 to port 53

    and the rule #1 has...

    192.168.1.10 (router's IP DNS Server) to port 53

    I think rule #1 is enough. I did that duplication because I wasn't clear on what was on TheTOM_SK's list.

    dja2k
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Right,.. let's take a step back,...

    You are using a static IP for your PC (yes?)
    Is your network within the trusted zone? (your network would be 192.168.1.0 - 192.168.1.255).

    If yes to both, then you should not need rules to allow comms to the router,.. (Also:- DHCP is for your PC to obtain an IP address,.. but if this is fixed, then this is not needed)
     
  18. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Yes, I have a static IP set to 192.168.1.163 and DNS set to 192.168.1.10 (router's IP). Don't really have a network set up though; it's only a solo PC using the router and two wireless laptops, but not set up for network access.

    You kinda lost me there, but I think it is in the trusted zone, as I set that up in the installation of Comodo. So I think I only need the rule...

    Allow DNS port 53 from 192.168.1.10. Don't even know if I need the 255.255.255.255 to port 67.

    dja2k
     
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    You can delete that rule (to port 67); you do not need DHCP if your PC is a fixed IP,... You can disable the Windows DHCP client... you can also disable NETbios.
    Don't worry,...
    If the rule is needed, then you just need to allow UDP out to remote IP 192.168.1.10, remote port 53.
     
  20. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Correct me if I am wrong, but in the application rules, anything going to UDP out port 53 would go to destination 192.168.1.10 (Router DNS address) right? Also any port of TCP in would go to 127.0.0.1 right?

    dja2k
     
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    If you have not placed an IP within the rule, then the outbound would be allowed to any IP.
    No,.. Inbound TCP does not go to 127.0.0.1. This IP is Localhost (or Loopback adapter). Programs that need loopback, will send packets to 127.0.0.1, and receive packets from 127.0.0.1.
     
  22. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Okay, just trying to figure out how to tighten the application rules more. I have found out that Firefox, for instance, gets loopback from 127.0.0.1 via TCP inbound. It also connects to the router 192.168.1.10 DNS for UDP out on port 53. So basically all port 53 connections coming from UDP out are for DNS to my router's IP.

    dja2k
     
    Last edited: Oct 13, 2006
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    If you have the Windows DNS client disabled, then applications will perform their own DNS lookups.

    If you want tight rules for Firefox, my current rules for Firefox are:-
    DNS: Allow outbound UDP to router IP remote port 53
    HTTP/S: Allow outbound TCP to any IP remote port 80/443
    Block TCP/UDP any any

    Yes, so you can place the router IP within the DNS rule.
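    As an added illustration, not code from any poster here or from Comodo: a small first-match model of Stem's Firefox ruleset above, together with his loopback rules from post 15, showing which sample connection each rule catches and why the catch-all block at the bottom is what turns the list into a tight ruleset. The router address 192.168.1.10 comes from the thread; the sample remote address 203.0.113.9 and the evaluator itself are assumptions of this example, not Comodo's actual rule engine.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
ROUTER_DNS = "192.168.1.10"   # router / DNS server address from the thread
LOOPBACK = "127.0.0.1"        # localhost, as in Stem's loopback rule
ANY_PORT = frozenset()        # empty port set = any port

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "block"
    proto: str            # "TCP", "UDP" or "ANY"
    direction: str        # "in", "out" or "any"
    remote: str           # remote IP or CIDR, or "any"
    remote_ports: frozenset

    def matches(self, proto, direction, remote_ip, remote_port):
        if self.proto != "ANY" and self.proto != proto:
            return False
        if self.direction != "any" and self.direction != direction:
            return False
        if self.remote != "any" and ip_address(remote_ip) not in ip_network(self.remote):
            return False
        return not self.remote_ports or remote_port in self.remote_ports

# Stem's Firefox ruleset plus his loopback rules, in the order Comodo evaluates
# them (top to bottom, first match wins); the alerting block rule sits last.
FIREFOX_RULES = [
    Rule("allow", "TCP", "in", LOOPBACK, ANY_PORT),              # loopback in
    Rule("allow", "TCP", "out", LOOPBACK, ANY_PORT),             # loopback out
    Rule("allow", "UDP", "out", ROUTER_DNS, frozenset({53})),    # DNS to router only
    Rule("allow", "TCP", "out", "any", frozenset({80, 443})),    # HTTP / HTTPS
    Rule("block", "ANY", "any", "any", ANY_PORT),                # block everything else
]

def decide(rules, proto, direction, remote_ip, remote_port):
    """Return (action, index of matching rule); unmatched traffic is blocked."""
    for index, rule in enumerate(rules):
        if rule.matches(proto, direction, remote_ip, remote_port):
            return rule.action, index
    return "block", -1
if __name__ == "__main__":
    # Constructed sample connections; 203.0.113.9 is a documentation-range address
    samples = [
        ("UDP", "out", ROUTER_DNS, 53),      # DNS to the router: allowed by rule 2
        ("UDP", "out", "203.0.113.9", 53),   # DNS to some other server: blocked
        ("TCP", "out", "203.0.113.9", 443),  # HTTPS: allowed by rule 3
        ("TCP", "in", "203.0.113.9", 80),    # inbound to local web port: blocked
        ("TCP", "in", LOOPBACK, 8080),       # local helper over loopback: allowed
    ]
    for sample in samples:
        print(sample, "->", decide(FIREFOX_RULES, *sample))
```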
     
  24. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    Yep, basically what I have....

    dja2k
     

    Attached Files:

  25. dja2k

    dja2k Registered Member

    Joined:
    Feb 15, 2005
    Posts:
    2,121
    Location:
    South Texas, USA
    This is my uTorrent ruleset; don't know if I overdid it, but it's working well.

    dja2k
     

    Attached Files:
