Jetico vs Comodo

Discussion in 'other firewalls' started by Hipgnosis, May 12, 2006.

Thread Status:
Not open for further replies.
  1. waters

    waters Registered Member

    Joined:
    Nov 8, 2004
    Posts:
    958
    Works great with eMule (high ID) and BitComet, if you use the 2 rules posted on their forum. Fully stealth.
     
  2. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Yes, this is a network rule that is needed to block the in/out.
    I am talking about application rules, which will not block the outbound.
     

    Attached Files: pic.gif
  3. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Yea I know,

    The problem here is, it seems that the Firefox allow rule is overriding, or still carrying out, the task which a block rule was designed to deny.

     
  4. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    The rules are read from top to bottom.
     
  5. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    You should specify Outbound only; see if that makes any difference.

    Plus are you restricting by ports also with this rule? Or just by destination IP address?
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    All ports (any), with block outbound, same result. But, strange: I was creating a ruleset within the application rules for Firefox, but the new rule is placed randomly, either above or below the existing rules, with no way of changing the position of the rule, so there is no way of setting the priority of the rule within the application rules.
     
  7. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    From all this, to me it appears like incomplete or poorly thought-out Application Filtering controls. It should not be difficult to create application rules to deny particular packets, and permit everything else…
     
  8. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I hope you can now understand my question concerning the outbound defense on the application layer/rules.

    EDIT:
    If I place an application rule Allow in/out "Not 65.175.38.194", I am prompted for this connection; all other connections OK. But as the rule implies, it should not connect, so really I don't think it should prompt.
    If I place a ruleset with outbound TCP to remote port 80, then this is the only port it will connect to, and no prompts for other ports.
     
    Last edited: May 17, 2006
  9. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Yea, apparently this does seem to be the case now...

    Who knows though, perhaps something small we're overlooking; hopefully Melih-Comodo can shed some light on this now.
     
  10. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    Well, if you want to block all access to a simple IP address, then you should write a network rule. If you want to disable an *application's* access to an IP address, then you need to create an application rule. This means that while, say, AppA can't connect to the IP, AppB still can.

    Joe
     
  11. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Joe, this is what we are discussing. It is possible to block an IP at the network level (all apps cannot access the IP), but it is not possible to place an application rule to block the IP for one app.
     
  12. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    Hi guys,

    Here is the thing: once you approve an application's connection with a popup, no matter if you select remember or not, default allow rules take effect until you close the application. If you want to test its outbound filtering, you need to close Firefox and then restart it. When you restart Firefox, it may still show you some popups because of no-rule situations. If you even temporarily allow, then it will override the blocking rule.

    To be able to play with it more, you can disable "Basic popup logic" (which reduces the number of popups) and "Monitor DNS Requests" in the Security->Advanced section. Disabling the DNS check is necessary because if Comodo asks for a DNS request, and if you approve, the temporary rule will override.

    This is the issue you face. You may be trying to block a single IP for an already approved (by answering a popup) application.

    Hope this helps,
    Joe
     
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Joe,
    I created the block rule while Firefox was not running; no popups when I started Firefox. I could re-install and try again, but I have had the same results on 4 installations, trying different rulesets.
    Take a quick look at my post #58 (the EDIT part).
     
    Last edited: May 17, 2006
  14. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Well hey there neonSurge, OK, so answer the following question:

    - for Stem to block specific access to a particular IP address with a specific application at the Application filtering level and have it stick without being overwritten (by bad design, for instance) or overruled (by bad design, for instance) by another and totally unrelated connection attempt.

    It cannot be done with CPF's current application filtering control design; I'm correct, aren't I?
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I got blanked by Melih-Comodo for making such statements; please remember what you said earlier.
     
  16. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland

    Then my BitTorrent client should be working, yet I cannot get any inbound connections.
    Time to try out another firewall until this one is able to handle BT and games.
     
    Last edited: May 17, 2006
  17. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    I asked a question, and didn't make a statement...

     
  18. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    You have no restriction to the application with the application rules, right? What BitTorrent rules have you currently made for the Network?

     
  19. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Technicalities :p
     
  20. Joliet Jake

    Joliet Jake Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    911
    Location:
    Scotland
    Application Rule:
    Range-0.0.0.0 - 255.255.255.255 port [the ports chosen for my BT client] TCP/UDP [IN/OUT] permission [ALLOW]

    Network rules above the block rule:
    Allow TCP in from IP [ANY] to IP [ANY] source port [ANY] remote port [the ports chosen for my BT client]
    Allow UDP in from IP [ANY] to IP [ANY] source port [ANY] remote port [the ports chosen for my BT client]

    I have tried the above rules with my IP in, with the same result.

    Here is an example of a log from Comodo:
    Date/Time :2006-05-16 07:10:24
    Severity :Medium
    Reporter :Network Monitor
    Description: Inbound Policy Violation (Access Denied, IP = 172.xxxxxxxxx, Port = 50001) (JJ's edit-one of the ports used by my BT client.)
    Protocol: TCP Incoming
    Source: 193.xxxxxxxxxxxx
    Remote: 172.xxxxxxxxx:50001
    TCP Flags: SYN
    Reason: Network Control Rule ID = 3

    (Network Control Rule ID = 3) is the last rule:
    Block and log IP in from IP [ANY] to IP [ANY] where IPPROTO is [ANY]
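The top-to-bottom, first-match order Stem describes in post #4 and the network rules Joliet Jake lists above, modelled as an added example (not from the thread and not Comodo's code): a small evaluator run over the post's ruleset and a constructed stand-in for the logged SYN. Whether the [remote port] field of an inbound rule is compared against the local listening port or the peer's source port is an assumption the code makes explicit; with the test on the local port the allow rule matches, with it on the peer's port the packet falls through to the final block rule, as the log shows.

```python
from __future__ import annotations
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = frozenset()    # empty port set stands for port [ANY]
WILD = "0.0.0.0/0"   # IP [ANY]
# direction is "in"/"out"; proto "TCP"/"UDP"; src is the peer for inbound traffic
Packet = namedtuple("Packet", "direction proto src_ip src_port dst_ip dst_port")

@dataclass(frozen=True)
class Rule:
    rule_id: int
    action: str      # "allow" or "block"
    direction: str   # "in", "out" or "any"
    proto: str       # "TCP", "UDP" or "any"
    src_net: str     # CIDR
    dst_net: str
    src_ports: frozenset[int]
    dst_ports: frozenset[int]

    def matches(self, p: Packet) -> bool:
        return (self.direction in ("any", p.direction)
                and self.proto in ("any", p.proto)
                and ip_address(p.src_ip) in ip_network(self.src_net)
                and ip_address(p.dst_ip) in ip_network(self.dst_net)
                and (not self.src_ports or p.src_port in self.src_ports)
                and (not self.dst_ports or p.dst_port in self.dst_ports))

def evaluate(rules: list[Rule], p: Packet) -> tuple[str, int | None]:
    """Rules are read top to bottom; the first match decides (post #4)."""
    for r in rules:
        if r.matches(p):
            return r.action, r.rule_id
    return "no-match", None

BT_PORTS = frozenset({50001})  # one of JJ's BitTorrent ports, per the log

def ruleset(port_field: str) -> list[Rule]:
    """Post #20's rules; the BT port test goes on the local (dst) port or, if
    'remote port' is read as the peer's port, on the source port (assumption)."""
    dst = BT_PORTS if port_field == "local" else ANY
    src = BT_PORTS if port_field == "peer" else ANY
    return [Rule(1, "allow", "in", "TCP", WILD, WILD, src, dst),
            Rule(2, "allow", "in", "UDP", WILD, WILD, src, dst),
            Rule(3, "block", "in", "any", WILD, WILD, ANY, ANY)]

# Constructed stand-in for the logged inbound SYN (the post masks the addresses)
LOGGED_SYN = Packet("in", "TCP", "198.51.100.7", 41234, "172.16.0.5", 50001)
```

`evaluate(ruleset("local"), LOGGED_SYN)` returns `("allow", 1)`, while `evaluate(ruleset("peer"), LOGGED_SYN)` returns `("block", 3)`, the rule ID the log reports.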
     
  21. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    Hi,

    Yes, you can do it. Complex applications like Firefox or Internet Explorer cause us to be confused. For the sake of simplicity, let's try a simple application like telnet.exe.

    I have attached a screenshot.
     

    Attached Files: logs.GIF
    Last edited: May 17, 2006
  22. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    This is the rules screenshot.
     

  23. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    Your question is answered here:
    http://forums.comodo.com/index.php/topic,189.msg1300.html#msg1300

    Joe
     
  24. neonSurge

    neonSurge Registered Member

    Joined:
    May 16, 2006
    Posts:
    55
    There are some options in Comodo that should be disabled before trying such things. "Advanced->Security->Basic popup logic" is one of them. Basic popup logic forces Comodo to allow/block more rights while answering a popup. I would also disable the Monitor DNS Requests option so as not to see DNS popups per application.

    Joe
     
  25. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,726
    Location:
    Canada
    Well neonSurge, there shouldn't be anything complex about it; blocking an application's specific type of connection should be easy and shouldn't require disabling 110 features located all throughout the firewall configuration… just to have an application at the application filtering level denied specific connection attempts.

    Again, the question of mine still goes unanswered; so it looks like everyone is clueless here so far, and now it is time that I wait for a response from Melih-Comodo on this…

    Regards
     