COMODO Firewall + mIRC

[Guest]

[Radaghast]

The rule should look like this, right?

Allow TCP Or UDP In From MAC Any To MAC Any Where Source Port Is Any And Destination Port Is In [1024-5000]

Correct.

Why do I have to create a Global Rule if the rule is already an Application Rule? Global Rule allows this for all applications, right? Shouldn't I only want this rule for mIRC?

The reason you need this, is the same reason you have the Global torrent rule, the last item in you Global  list blocks all unsolicited inbound connections. Without these explicit allow rules, the application would never see the inbound requests.

Remember, when you allow connections through Global rules, only an application listening on those ports will respond. That said, if you wish to make the port window smaller, choose a smaller number of ports in MIRC.

If I have to allow IDENT, the rule should look like this, right?

Allow TCP In From MAC Any To MAC Any Where Source Port Is Any And Destination Port Is 113

Correct.

[Sode no Shirayuki]

So... If I understand correctly, Global Rules take precedence over Application Rules so we have to add the Global Rule?

[Radaghast]

So... If I understand correctly, Global Rules take precedence over Application Rules so we have to add the Global Rule?

You only need a Global rule for applications requiring server rights and then only if you have a block rule that denies all unsolicited inbound connections. If you were to remove the final rule in your Global list, you wouldn't need to allow these connections, other than with Application rules, but then you'd loose some control over unwanted traffic that can create a lot of junk entries in your logs. One consideration, if you're behind a router with a decent firewall, you can probably dispense with Global rules, as the router is doing that job already.

Take a look at:
Application Rules
Global Rules

[Sode no Shirayuki]

Okay, thanks. I've added the rules.

[clockwork]

Just to explain what i had in mind :
I keep my programs in a state, where they can connect to the internet, and where they can receive requested packets.
If someone wants to send me a file, and the program would require ingoing traffic beyond the "outgoing only" structure (example msn; but not skype which can do it with only an outgoing rule at all), i would just allow it per case. As it isnt regularly happening here.
Thats why i said: Allow it temporary.
And if its for you regularly happening, and you dont want to answer that questions, i mentioned: Make very specific rules for that case.

Maybe language lead to confusions.



Sidenote: Its very usefull that we get a question about ingoing filetransfer attempts which are initiated in a chat of a program that got outgoing only permission, while having also a global rule which blocks unrequested ingoing traffic attempts in the same time. Otherwise we would have to make exceptions in global rules. Thats a smart aspect of this firewall.

[ZBTSI]

- Configuring mIRC

1) The guide says, I can use a single port or as many as ten ports for downloading/uploading. mIRC defines ports 1024-5000 by default. Should I change it so mIRC only defines 10 ports? If so, what ports should I use?

File transfers in mIRC (DCC) work backwards from what you might expect. When you attempt
to send someone a file, it actually results in an incoming connection attempt.  What happens
is that your client (mIRC) sends your IP address and a port number to the party on the other
end over the IRC server. Using that information, the other party initiates a direct connection
to your client over the Internet, independent of any IRC server. The file is then transmitted
to the other party. I use a port range of 8990-8999 for this purpose, and have created an
appropriate inbound firewall rule.

I also allow incoming connections on port 113 for ident server.

Regards.
 

[Tags:]