New Comodo Firewall 2.3 Released!

Thank you Stem. Looking forward to it.

 

Personal opinion:-

I am certainly happy that the installer is now changed, (I did not like the fact that there was a need for a user to connect out while no firewall was installed to download the isscript).
The installation should, I think, be more informative as to what the default installation is, as I have noticed a number of posts concerning the ability of applications being allowed internet access without user permission. I can understand there is a need for such an option, as many do not like to have to allow apps, or have to decide on what ports are to be used etc. but still, I think this should be made more clear on installation.

It is catching various leak attempts /memory modifications /dll`s etc. o.k. So from a view of leaktests, then yes, very good.
The application rules I feel could still be improved,.. there are at times problems attempting to block an IP, as the rules still place themselves in order, and not always correctly,.. I would like to see the ability to order the rules for priority.(I know that IP`s can be blocked at the network level rules,.. but I like to limit IP connections per application)

I will set up later to check on how comodo reacts to external scans/attack.

But,.. yes, this firewall is certainly moving in the right direction.

 

I can't seem to get the Network Control Rules to work. I'm trying to block this IP range:

195.225.176.0 - 195.225.179.255

Network Control Rules

My Source IP is:
Action: Block
Protocol: TCP or UDP
Direction: In/Out
Source IP: Any

My Destination is:
Action: Block
Protocol: TCP or UDP
Direction: In/Out
IP Range: 195.225.176.0 - 195.225.179.255

I can still get to the web page. This configuration is supposed to block access.

 

Make sure the "network block rule" is moved to the top of the rule-list

 

I see what it's doing. If I type the IP (any IP's within the blocked IP range) in the browser, it blocks it ok. But, if I type in the host name of the IP, it takes me to the webpage.

 

Did that. It didn't make any difference. If I type in an IP from the blocked range in the browser, Comodo does what it is supposed to do, it prevents access to the website. However, if I enter the host name of the IP, (td8eau9td.com) in the browser, it takes me to the webpage. Is this a known bug? Or did I miss something in my configuration. Sygate, Zone Alarm, and Jetico all prevented access whether it be IP or host name entered.

 

I have just checked, (after entering IP of this forum into a block rule), and I am blocked if I enter the IP or the "host name"

Are you using a local proxy, or an AV that uses a proxy?

 

I have set this up,.. the first attempt to connect is being intercepted-> site closed, it is not connecting to the actual site. Pressing the "go" button to try again is timing out, the log is from my entering td8eau9td.com into the browser

 

To confirm, this is the network rule:-

 

Here's what I did. I deleted the rule and started over and this time I used IP Mask with the correct Subnet Mask instead of IP Range and it worked. I guess IP Range still has a few bugs.

Edit:
BTW, Your IP Range should be: 195.225.179.255 not 55.

I couldn't get it to work with IP Range.

 

I just copied your IP range given

 

Did you remember to clear your browser cache (after first setting the rule)?

 

It deletes automatically after closing the browser.

I just tried IP Range again and the same symptom. Switched back to IP Mask and it works ok. I think I'll bring this up on the Comodo forum.

 

The firewall is o.k. against scans,.. drops/blocks DDOS attacks/floods.

 

Hi Stem,

did you get any kind of pop-up and/or audible alerts after initiating the port scan? I tried a scan a few days ago, did not see any, then tried again just now to re-confirm and still nothing. Comodo does log the scan as Medium Severity alerts. Maybe this is something I'll add to the Comodo "Wishlist" unless you know of an alerts option I have missed.

 

Hi cprtech

No,.. no alert popup, and cannot find any setting to enable an alert popup.
(What did you use for scanning,.... nmap?, as these scans for syn/flood cause high alert log event, due to amount/speed)

 

I just used the standard Shields Up scan. I've never heard of nmap, so that is one I'll have to try. Thanks!

 

Just started using Comodo but I'm having some trouble accepting incoming connections on a specific port.

In the Application Monitor the software is in the list and has 2 entries, - 1st is 'Any, Any, TCP/UDP In' and the 2nd is 'Any, Any, TCP/UDP Out'.

With that in place what am I missing to finaly accept those incoming connections?

Do I need to add a rule in the Network Monitor?

Thanks!

 

Yes,.. some info here

 

Cool, thanks! - I see how it works but isn't it a 'problem' to keep the port(s) open at all time? (I mean compared to those firewalls where it's only open for a specific application)

I'm just curious and maybe it doesn't really matter because other parts of the firewall will make sure it's safe...

 

Stem, why is this?

 

Please give some ref to this quote/ question

 

Allowing inbound connections is always going to be a problem, if this is somthing you need to do (as for P2P/ server software), then time is going to be needed to set up correct application rules. But do remember, for inbound connection to achieve, then an application would need to listen on that port.
If you are connected directly to the internet, then care should be taken for allowing any inbound. (if using P2P, then use high numbered ports)
You can check if using P2P,... set the inbound ports for the application,... leave the application off, then port scan that port,... it should show as closed.

 

https://www.wilderssecurity.com/showpost.php?p=831606&postcount=6

 

Jon asked a very good question. I have pointed out this Comodo shortcoming also in some of my posts.
I could not believe when I tried Comodo, I searched and searched their forum, here too, but obviously it is not possible.

One should not need to open ports globally to all the applications that are given server rights. My netphone had only instructions to allow all UDP ports for both incoming and outgoing traffic to a certain IP range.