Comodo Firewall Configuration

Discussion in 'other firewalls' started by tekkaman, Sep 14, 2010.

Thread Status:
Not open for further replies.
  1. tekkaman

    tekkaman Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    164
    Well short intro ^^. I started working in an office recently. I used to bring my laptop to work but now they bought me a desktop at work so now I don't really have to bring the laptop with me unless necessary. In this new desktop I decided to try Comodo again. Last version I used was 3.x so I wanted to see what's new. The thing is I never see Comodo Firewall blocking anything. And I'm talking about the firewall perse not Defense+. My laptop has Outpost 7.0 and I'm used to seeing it blocking port scans when I bring it at work. But with Comodo in the desktop pc I never see anything in the logs. This is not an A VS B thread. I just want to know if it's an error in my configuration or if there is an explanation for this. Thanks in advance ^^
     
  2. Clench Tightly

    Clench Tightly Registered Member

    Joined:
    Apr 2, 2008
    Posts:
    34
    Have you enabled logging??

    If logging on your inbound block rules is not enabled, CIS will block but not record the event.

    CT :)
     
  3. tekkaman

    tekkaman Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    164
    It's enabled. And I should edit that it it does display warnings when a new aplication wants to connect. But what I don't see is alerts about inbound attacks like port scanning.
     
  4. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975

    Like he said, you have to enable logging on your incoming block rules.
     
  5. tekkaman

    tekkaman Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    164

    I'm going to check and post a screenshot of the configuration. But I'm starting to think that the firewall component of Comodo only blocks outbound and not inbound.
     
  6. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Actually, I don't have any incoming block rules and I get dropped packets logged. Maybe you could try the Stealth Ports Wizard.

    I run Custom Policy with Alert settings at Very High and all checked except the Internet Connection gateway option.
     
  7. tekkaman

    tekkaman Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    164
    Here are the screenshots. Anything I should change ?
     

    Attached Files:

  8. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    That's alright. What are your alert settings like? If your Alert Frequency Level is below Medium, you will not get log entries for blocked incoming packets.
     
  9. tekkaman

    tekkaman Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    164
    They're in the default "low" I didn't knew that had to do with the logs. I'll try it and post back.
     
  10. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    That's your problem. Set it to Medium and you'll see log entries.
     
  11. tekkaman

    tekkaman Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    164
    Still no logs about firewall component.
     
  12. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Strange. Try setting it to High then. Medium works for me.
     
  13. tekkaman

    tekkaman Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    164
    ok since the computer is in the office I need file sharing enabled to be able to connect to an Access database. For that it asks if it's a trusted network or not. It asked that when I first installed it. Could it be that if it's set that way it lets everything pass ? In Outpost you can set to enable only netbios. But I still get a lot of things blocked this way in the packet log and occasionally I see port scans that get blocked. So I think that in Comodo if a network is trusted for file sharing then it just lets anything through.
     
  14. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    It shouldn't. I assume you're behind a router so that's probably why you're not seeing anything, as the router is blocking all unrequested packets. Change one of your firewall rules (eg. web browser) to block and set logging for the rule to see if it shows up in the log.
     
  15. tekkaman

    tekkaman Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    164
    You mean blocking a local program from network access ? If that's what you mean. It works and it shows up in the log. It's a 2Wire router. I think it has interesting features the router perse. When there's a virus it stops internet.
     
  16. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    Your router is blocking everything. If it has a log for dropped packets, you can check that. I have my computer in the DMZ on my router so I get everything passed to my computer and blocked/logged by Comodo.
     
  17. Persian Boy

    Persian Boy Registered Member

    Joined:
    Sep 1, 2007
    Posts:
    44
    Look at the screen shot.:rolleyes:
     

    Attached Files:

  18. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    why do u only have 4 rules? :eek:

    i have way more.. also added your rule which u descriped.. so basically this rule is there to log the ip of every blocked incomming connection?
    (added screen of my network policy)

    i also have a question about ports: there are some ports in the port section listed. these are the ports which are open & allowed right?
    So everything else gets blocked? So e.g. if i want to use torrents, i would add the torrent port to the list in comodo.. but the thing is: i didnt and still my torrents work fine?
     

    Attached Files:

  19. Persian Boy

    Persian Boy Registered Member

    Joined:
    Sep 1, 2007
    Posts:
    44
    I didn't change the default settings. Maybe because I use "Proactive Security" mode in Configuration.
     
  20. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    I only have 1 rule and that's for ICMP. I have all blocked packets logged.


    IIRC, global rules are applied first to incoming packets so if you have a block rule for all incoming packets, nobody will be able to connect to any of your listening ports (eg. bittorrent, emule, etc)
     
  21. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    @persianboy: i have proactive security too
    @espresso: so what exactly is that rule doing which persian boy added with his screenshots?

    anybody knows why i have so many rules? :eek: is smth wrong there? i didnt change anything
     
  22. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    persianboy has a global allow rule that appears to allow all outgoing connections unless it is blocked by an application rule, not something I would do.

    He also has two ICMP rules which are made redundant by the preceding rule which covers all IP, including ICMP.

    His last rule is a block rule for ALL incoming connections, which is ok if you don't have any programs that listen to connections but it will block programs like emule (lowID) and bittorrent.

    You have a couple sets of allow rules for VMWARE zones and one for your home network, and the rest are standard ICMP rules that may be default or are added by the stealth ports wizard. Nothing to be concerned about.


    Rules in Comodo are processed as follows:

    Outgoing Packets --> <Application Rules> <--> <Global Rules> <-- Incoming Packets
     
  23. Jav

    Jav Guest

    If you go to "stealth wizard" and choose "block all incoming connections" third rule. You will have the same rules as him.

    And regarding the rule he changed: He just enabled logging for blocked incoming connections. Now logs will show all blocked incoming connections as OP wanted.
     
  24. zakazak

    zakazak Registered Member

    Joined:
    Sep 20, 2010
    Posts:
    523
    So is his last rule blocking all incomming connection or just logging all blocked incomming connections?

    i added the rule to mine and utorrent works fine so far :)
     
  25. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    His last rule BLOCKS and LOGS all incoming connections. uTorrent will work but you are esentially in firewalled mode so you have to connect to other computers, they can't connect to you (less efficient, overall). If you use emule, you will see that you get a lowid when connecting to servers.
     
Loading...
Thread Status:
Not open for further replies.