comodo firewall network rules

Would someone check these network rules?

1. Allow IPIN ZONE Any
2. Allow TCP/UDP Any Zone a set of ports(xxxxx)
3. Block IPIN Any Any
4. Allow IP out any Any


What ports do I need to allow in rule 2 above.

 

Maybe the ports that you will need?
Or if you don't know and you trust on that Zone, choose any.

 

Hi, what is the "Zone" you mention (is this your Lan)? In "2", is this for inbound (for server software (P2P) if yes,.. which pgm)? Which version of Comodo are you using?

 

I am using comodo firewall version 3.3.0.11. The zone is my LAN if I interpreted the rules I saw posted on the comodo forum for establishing network rules. As for the rule 2 I am not sure of the answer to your question. I made my rules based on my interpretation of the message at this URL.

http://forums.comodo.com/index.php/topic,1125.msg7197.html#msg7197

 

My mistake the comodo version is 2.2.0.11.

 

Hi bamaman66,

From your post:-
For rule "1", ensure this is your Lan address (this is to allow comms over your network (if behind a router), if you are not behind a router (on a private network), then do not add this rule).
Rule "2", un-needed, as this would allow inbound from "any" IP. (you would set this type of rule if using software like "emule" or "torrent clients".
Rule "3" Correct, this will block all inbound connection attempts (but remember such programs as "P2P" will not functions correctly (low ID in emule)
Rule "4", this is a "allow all out" rule, I personally do not like such rules, but this is up to yourself (and can depend on what outbound is required by the software you use.)

 

bamaman66,

the default rules didn't work for you?

You only need to change it, if you need to allow traffic between a Zone or allow that your computer act like a server(Website, P2P, etc...)

 

If I understand you correctly I should delete rule 2. What do I do when a program ask to act as a server? Will it still ask me for permission to act as a server or will it automatically do this the way I have it setup?

 

Yes, remove rule 2.
The "network rules" can only be changed manually. If a program asks for server rights, and you allow this, then only the application rules will change.
For a program to be allowed "inbound connections" you must set a rule to allow the inbound within the network rules (as you would with your router)

 

1. Allow IPOUT Any zone
2. Allow IPIN Zone Any
3. Block IPIN Any Any
4. Allow IPOUT any Any

These are my rules now. Will I be protected? Do I let programs act as servers?
I still don't understand about letting a program act as server. Thanks for your help. This may be a great firewall but I don't think it is user friendly.

 

If the "zone" is set up for your Lan, then yes. (you can remove rule "1", as this outbound is allowed in rule "4")

Any program you allow to act as "server" (from the rules you now have in place) will be allowed inbound connections from your "zone(Lan)". This would be needed if you are file sharing over your Lan.

Basically, when a program acts as a server,.. example P2P software, it will take inbound connections and "serve" files from your pc (think of when you connect to a web-site. You are making outbound connections to a (HTTP) server, the website allows your inbound connection and serves you with the info you see in your browser.)

 

Now that I have my rules settled. If programs such as firefox, Internet explorer, etc ask for permission to act as servers I should give them permission?

 

Allowing programs to act as server will not allow inbound connections from the internet (with the network rules you have in place), so you should be o.k. to allow this for the programs you know.