Author Topic: Are these good system rules?  (Read 2015 times)

Offline doveman

  • Comodo Loves me
  • ****
  • Posts: 110
Are these good system rules?
« on: May 11, 2012, 01:52:32 AM »
I have a LAN connected via a ADSL modem/router.

I just want to check whether the rules shown in the attached pictures are sensible.

[LAN] includes 192.168.1.64:255.255.255.0 and 127.0.0.1:255.0.0.0 whilst [MS Loopback Adapter] is 192.168.2.1 and is only used for Mediaportal's TVservice.

The Allow LAN rule allows IP In/Out from LAN to LAN and I presume having that under All Applications eliminates the need for specific rules for any applications that I want to access the LAN but not the Internet.

I did have some trouble with some programs (games mostly) not working on the LAN, which seemed to require the Allow UDP to 255.255.255.255 rule shown under svchost and All Applications. I'm not sure if svchost and All Applications actually need that or if there's a better rule I could use instead.

I'm also not sure if the Global Rules are right. I used the Stealth Ports Wizard "Define a new Trusted Network" but I'd have thought it would have added some more Block Rules to block traffic to/from ports not in the LAN.




Offline doveman

  • Comodo Loves me
  • ****
  • Posts: 110
Re: Are these good system rules?
« Reply #1 on: May 18, 2012, 11:48:40 AM »
Just bumping in the hope someone could take a look and advise whether it looks OK.

EDIT: The attached screenshot is from Win7 x32 which doesn't seem to use the Windows Operating System rule (the previous were from Win7 x64) I've tweaked the rules a bit. I've put 192.168.1.68:255.255.255.0, 192.168.2.1:255.255.255.0 and 127.0.01:255.255.255.0 all in one Network Zone to make things simpler.

« Last Edit: May 18, 2012, 11:59:31 AM by doveman »

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 18667
Re: Are these good system rules?
« Reply #2 on: May 18, 2012, 05:28:53 PM »
The All Applications rule is on top. This will force all rules underneath it to follow the rule set by the All Applications rule. This renders the rules for those applications useless.

Can you tell us what you would like to establish?

Offline doveman

  • Comodo Loves me
  • ****
  • Posts: 110
Re: Are these good system rules?
« Reply #3 on: May 19, 2012, 04:54:18 AM »
I added the All Applications rule to allow all traffic on the LAN as I don't want/need to create individual rules for LAN traffic, only for programs that access the Internet. I don't understand what you're saying about the All Applications rule, as you seem to be saying when this exists, there's no point having any other rules but this obviously isn't true as I still need rules to allow programs Internet access, which is not allowed by the All Applications rule.

I'm still not sure why I seem to need a UDP out to IP 255.255.255.255 rule for most programs/games to work on the LAN. If this is correct, shall I just add a rule to allow it to my All Applications group?

Win 7 x32 seems to be a lot simpler in terms of firewall rules, as it's only got the System, Windows Updater Applications and Windows System Applications sets, whereas Win 7 x64 has these two plus Windows Operating System and I seem to have had to add a rule for svchost.exe as well but I'll try tidying up the rules along the lines of the Win7 x86 screenshot and delete the svchost rule and see if it's OK.

Offline doveman

  • Comodo Loves me
  • ****
  • Posts: 110
Re: Are these good system rules?
« Reply #4 on: May 28, 2012, 01:12:28 PM »
Can someone confirm that my Allow LAN (All Applications) rule at the top of the list is the appropriate way to achieve what I want, which is to allow all traffic on the LAN so that I only get alerts and need to create rules for those programs that try to also access the Internet?

Also could someone confirm whether I should need the "Allow UDP out to IP 255.255.255.255" rule for my LAN games to work, as I seem to?

Offline EricJH

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 18667
Re: Are these good system rules?
« Reply #5 on: May 29, 2012, 11:01:29 AM »
I added the All Applications rule to allow all traffic on the LAN as I don't want/need to create individual rules for LAN traffic, only for programs that access the Internet. I don't understand what you're saying about the All Applications rule, as you seem to be saying when this exists, there's no point having any other rules but this obviously isn't true as I still need rules to allow programs Internet access, which is not allowed by the All Applications rule.
When I  said  "This renders the rules for those applications useles" that was too strong. Sorry about that.

When the "All Applications" rule exists (f.e in Internet Security Configuration) then application rules being made will be placed underneath this rule. When rules are underneath the ""All Applications" they follow the rule set by the "All Applications" rule.

So, to make rules effective they then need to be moved to a place above the "All Application" rule. Often when people run into programs not working according to a rule it is because of this. That is why I am mentioning it.

Quote
I'm still not sure why I seem to need a UDP out to IP 255.255.255.255 rule for most programs/games to work on the LAN. If this is correct, shall I just add a rule to allow it to my All Applications group?
You can do that. Traffic to 255.255.255.255 UDP is a socalled broadcast; an application or the OS lets other computers on the LAN know it's there.

Quote
Win 7 x32 seems to be a lot simpler in terms of firewall rules, as it's only got the System, Windows Updater Applications and Windows System Applications sets, whereas Win 7 x64 has these two plus Windows Operating System and I seem to have had to add a rule for svchost.exe as well but I'll try tidying up the rules along the lines of the Win7 x86 screenshot and delete the svchost rule and see if it's OK.
The differences are not there because of inherent differences between the Win 7 x86 and x64 platforms. They are the result of different configuration strategies (which may be born because of different programs on the two platforms and because of different standard configurations being used (Internet Security for the one and Proactive Security for the other)).

Talking about two configurations on two different Operating System will be very confusing when they get compared. I would like to suggest to focus on one platform in this topic and start another topic for the other platform.

Can someone confirm that my Allow LAN (All Applications) rule at the top of the list is the appropriate way to achieve what I want, which is to allow all traffic on the LAN so that I only get alerts and need to create rules for those programs that try to also access the Internet?
Can you write down the rule in detail?

Quote
Also could someone confirm whether I should need the "Allow UDP out to IP 255.255.255.255" rule for my LAN games to work, as I seem to?
I would think that the broadcast may be needed for the games to find each other on the LAN.

Offline doveman

  • Comodo Loves me
  • ****
  • Posts: 110
Re: Are these good system rules?
« Reply #6 on: May 29, 2012, 12:07:50 PM »
When I  said  "This renders the rules for those applications useles" that was too strong. Sorry about that.

When the "All Applications" rule exists (f.e in Internet Security Configuration) then application rules being made will be placed underneath this rule. When rules are underneath the ""All Applications" they follow the rule set by the "All Applications" rule.

So, to make rules effective they then need to be moved to a place above the "All Application" rule. Often when people run into programs not working according to a rule it is because of this. That is why I am mentioning it.

Thanks for clarifying what you meant. However what you're saying doesn't seem to be what happens on my system. I have the "All Applications" ruleset at the top, which contains one rule to Allow UDP Out to 255.255.255.255 and another rule to Allow IP In/Out from NZ (Network Zone): LAN to NZ: LAN. I still need to create addtional separate rulesets for any applications that I want to be able to access the Internet and these are all below the All Applications rule (and the System, Windows Operating System, Windows System Applications, etc rules).

It also doesn't cause new rules to be created above it. I just tested again by deleting a rule for an application, running the application and allowing access when the Alert appeared and the new rule for the application was created at the top of the list as usual.

Quote
You can do that. Traffic to 255.255.255.255 UDP is a socalled broadcast; an application or the OS lets other computers on the LAN know it's there.

Thanks, it did seem necessary but it's good to know why and that it's not a security risk.

Quote
The differences are not there because of inherent differences between the Win 7 x86 and x64 platforms. They are the result of different configuration strategies (which may be born because of different programs on the two platforms and because of different standard configurations being used (Internet Security for the one and Proactive Security for the other)).

Talking about two configurations on two different Operating System will be very confusing when they get compared. I would like to suggest to focus on one platform in this topic and start another topic for the other platform.

Yes, sorry for confusing the issue. I just noticed the differences and mentioned it in case it suggested something was wrongly configured on one or the other system. I'll stick to discussing my Win 7 x64 system for now.

Quote
Can you write down the rule in detail?

All Applications
 Allow and Log UDP Out from MAC Any to IP 255.255.255.255 Where Source Port is Any and Destination Port is Any
 Allow IP Any In/Out from NZ: LAN to NZ: LAN

Quote
I would think that the broadcast may be needed for the games to find each other on the LAN.

That makes sense and explains why I needed to add this rule for my games.

 

Seo4Smf 2.0 © SmfMod.Com | Smf Destek