Conf of Comodo (for DNS request for example)

Discussion in 'other firewalls' started by gagman, Oct 16, 2006.

Thread Status:
Not open for further replies.
  1. gagman

    gagman Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    68
    Location:
    France
    I posted the following in the Comodo forums :
    --------------------
    Hello,

    I'm pretty new in the Comodo world (but quite oldie in firewall word).

    I'm not sure to understand the application vs network rules interaction.

    Let's say for example I want to authorize all out UDP 53 paquet (makes sense !).
    But I don't want to do it per application, for sure.

    If I create a network rule with those parameters, it is not enough, I need to create an application rule as well.
    That's a bit strange, I would like to have a "any application" parameter in the application rule definition.

    Please advise how to create this kind of configuration with Comodo ?

    Thanks.
    --------------------

    Then I had some answers, then my post has been switched as a FAQ (with the removal of all the answers but the last one, not very nice !!).
    http://forums.comodo.com/index.php/topic,3201.0.html

    So what I understand of the configuration of Comodo is there is precedence of application rules or network rules, depending of the inbound or outbound way.
    But both rules (appli or network) are used to determine if the packed is allowed or not.

    So for example, you need to authorize all applications to perform a DNS request, even if you have authorized port53 outbound.
    OK, why not, it's better in term of security.

    But if you want to create a trusted network to communicate with your machine... you need to create rules per application too.
    That sounds amazing to me ! No matter the level of security you want, if you need to create a trusted network, you don't want to be annoyed by some other stuff regarding application level.

    I've seen Comodo had a lot of good points in wilders, but this point is for me very important. I really don't understand how to use it this way ! maybe it's just my configuration, or my warp-minded brain...

    I will post the same in Comodo forum, will get you in touch.
     
  2. cprtech

    cprtech Registered Member

    Joined:
    Feb 26, 2006
    Posts:
    335
    Location:
    Canada
    Yes, you do need to set up the dns rule in the Network Monitor first. Do you want to specify dns lookups on a per app basis or using svchost? If you use svchost then you need to have the dns client service enabled. You could create your rule in Network Monitor as: UDP, Outbound, Remote Port = 53, Remote ip = your dns ip server's address(s). Then if you use svchost for dns lookups you just assign the rule to it one time only. However, assigning per app is generally a bit safer but does take a bit more time to set up. If you want to decrease the amount of work involved in setting up rules for your various apps, you could just set the "Alert Frequency Level" in Comodo to "low" or "Very low". Also, upon initial setup of the firewall, you could have had Comodo scan for and "Automatically" setup rules for all your trusted apps.

    And just remember one thing, once you do take the time to setup all rules for your apps and fine tune them, you can export the entire ruleset and configuration from your registry and save them in case you need them later.

    Hope this helps.
     
  3. gagman

    gagman Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    68
    Location:
    France
    The DNS request is just an example. Using DNS client and svchost, I agree I just need 2 rules, a network one and an application one. If not using it, I need as many applications rules as applications doing DNS requests.
    But if I want to trust an entire LAN, each time I install a new network application, I need to create a rule.

    In Comodo, you cannot create a rule with the keyword "any application".
    Using a lot of others personal FWs, you can create this rule, or this kind of behavior.
    In Outpost for example, there is no "any applicatgion" keyword, but network rules overlapp application rules.

    That's why I think I will stop Comodo's test, it's not the good choice for me.

    Thanks for your help.
     
Loading...
Thread Status:
Not open for further replies.