Comodo firewall network rules

Discussion in 'other firewalls' started by bamaman66, Aug 24, 2006.

Thread Status:
Not open for further replies.
  1. bamaman66

    bamaman66 Registered Member

    Joined:
    Aug 11, 2006
    Posts:
    366
    Would someone check these network rules?

    1. Allow IPIN ZONE Any
    2. Allow TCP/UDP Any Zone a set of ports(xxxxx)
    3. Block IPIN Any Any
    4. Allow IP out any Any


    What ports do I need to allow in rule 2 above?
     
  2. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Maybe the ports that you will need?
    Or if you don't know and you trust that Zone, choose any.
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi, what is the "Zone" you mention (is this your LAN)? In "2", is this for inbound (for server software (P2P); if yes, which program)? Which version of Comodo are you using?
     
  4. bamaman66

    bamaman66 Registered Member

    Joined:
    Aug 11, 2006
    Posts:
    366
    I am using Comodo firewall version 3.3.0.11. The zone is my LAN if I interpreted the rules I saw posted on the Comodo forum for establishing network rules. As for rule 2, I am not sure of the answer to your question. I made my rules based on my interpretation of the message at this URL.

    http://forums.comodo.com/index.php/topic,1125.msg7197.html#msg7197
     
  5. bamaman66

    bamaman66 Registered Member

    Joined:
    Aug 11, 2006
    Posts:
    366
    My mistake, the Comodo version is 2.2.0.11.
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi bamaman66,

    From your post:-
    For rule "1", ensure this is your LAN address (this is to allow comms over your network (if behind a router); if you are not behind a router (on a private network), then do not add this rule).
    Rule "2", un-needed, as this would allow inbound from "any" IP (you would set this type of rule if using software like "emule" or "torrent clients").
    Rule "3", correct, this will block all inbound connection attempts (but remember such programs as "P2P" will not function correctly (low ID in emule)).
    Rule "4", this is an "allow all out" rule. I personally do not like such rules, but this is up to yourself (and can depend on what outbound is required by the software you use).
     
  7. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    bamaman66,

    The default rules didn't work for you?

    You only need to change it if you need to allow traffic between a Zone or allow your computer to act like a server (website, P2P, etc.).
     
  8. bamaman66

    bamaman66 Registered Member

    Joined:
    Aug 11, 2006
    Posts:
    366
    If I understand you correctly, I should delete rule 2. What do I do when a program asks to act as a server? Will it still ask me for permission to act as a server or will it automatically do this the way I have it set up?
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes, remove rule 2.
    The "network rules" can only be changed manually. If a program asks for server rights, and you allow this, then only the application rules will change.
    For a program to be allowed "inbound connections" you must set a rule to allow the inbound within the network rules (as you would with your router).
     
  10. bamaman66

    bamaman66 Registered Member

    Joined:
    Aug 11, 2006
    Posts:
    366
    1. Allow IPOUT Any zone
    2. Allow IPIN Zone Any
    3. Block IPIN Any Any
    4. Allow IPOUT any Any

    These are my rules now. Will I be protected? Do I let programs act as servers?
    I still don't understand about letting a program act as server. Thanks for your help. This may be a great firewall but I don't think it is user friendly.
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    If the "zone" is set up for your Lan, then yes. (you can remove rule "1", as this outbound is allowed in rule "4")
    Any program you allow to act as "server" (from the rules you now have in place) will be allowed inbound connections from your "zone(Lan)". This would be needed if you are file sharing over your Lan.
    Basically, when a program acts as a server (for example, P2P software), it will take inbound connections and "serve" files from your PC (think of when you connect to a website: you are making outbound connections to an (HTTP) server, and the website allows your inbound connection and serves you with the info you see in your browser).
     
  12. bamaman66

    bamaman66 Registered Member

    Joined:
    Aug 11, 2006
    Posts:
    366
    Now that I have my rules settled, if programs such as Firefox, Internet Explorer, etc. ask for permission to act as servers, should I give them permission?
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Allowing programs to act as server will not allow inbound connections from the internet (with the network rules you have in place), so you should be o.k. to allow this for the programs you know.
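
The effect of removing rule 2 can be checked by evaluating both rule sets against the same packets. This is an added example, not part of the original thread and not Comodo code. It assumes rules are evaluated top-down with the first match winning, a LAN zone of 192.168.1.0/24, port 40000 as a stand-in for the elided "xxxxx" ports, and that unmatched traffic is dropped.

```python
import ipaddress

# Constructed values: the thread never gives the LAN range or the "xxxxx" ports.
ZONE = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN "Zone"
PLACEHOLDER_PORTS = {40000}                    # stands in for "xxxxx"

# (action, protocols, direction, source, destination, destination ports)
ORIGINAL = [                                   # rules from the first post
    ("allow", {"ip"}, "in", "zone", "any", None),
    # Direction is not stated in the post; read as inbound, as in Stem's reply.
    ("allow", {"tcp", "udp"}, "in", "any", "zone", PLACEHOLDER_PORTS),
    ("block", {"ip"}, "in", "any", "any", None),
    ("allow", {"ip"}, "out", "any", "any", None),
]
FINAL = [                                      # rules from post 10
    ("allow", {"ip"}, "out", "any", "zone", None),
    ("allow", {"ip"}, "in", "zone", "any", None),
    ("block", {"ip"}, "in", "any", "any", None),
    ("allow", {"ip"}, "out", "any", "any", None),
]

def in_scope(addr, scope):
    """True if addr falls inside the rule's scope ('any' or 'zone')."""
    return scope == "any" or ipaddress.ip_address(addr) in ZONE

def decide(rules, direction, proto, src, dst, dport):
    """Return (action, rule number) of the first rule that matches the packet."""
    for number, (action, protos, rdir, rsrc, rdst, ports) in enumerate(rules, 1):
        if rdir != direction:
            continue
        if "ip" not in protos and proto not in protos:
            continue
        if not (in_scope(src, rsrc) and in_scope(dst, rdst)):
            continue
        if ports is not None and dport not in ports:
            continue
        return action, number
    return "block", None  # assumption: traffic matching no rule is dropped

PC, LAN_PEER, INTERNET = "192.168.1.10", "192.168.1.20", "203.0.113.5"

if __name__ == "__main__":
    probes = [("in", "tcp", INTERNET, PC, 40000),   # unsolicited from internet
              ("in", "tcp", LAN_PEER, PC, 445),     # file sharing over the LAN
              ("out", "tcp", PC, INTERNET, 443)]    # ordinary outbound
    for name, rules in (("original", ORIGINAL), ("final", FINAL)):
        for probe in probes:
            print(name, probe, decide(rules, *probe))
```

With the original set, the internet probe to the placeholder port is allowed by rule 2 before the block rule is reached; with the final set the same probe falls through to rule 3, while LAN inbound is still allowed.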
     