Does this make it easier to explain?

[Guest]

[panic]

G'day,

One of the guys at work was having trouble getting his head around the source/remote conditional direction thing in CPF and the only way I  could get it through to him was to substitute the word "From" for "Source" and "To" for destination. It immediately clicked and the final penny fell into place when I substituted "Me" for the relevant "Any"s.

Using this, real noobs (and I mean banjo playing type REAL noobs!!) got it straight away. Maybe this terminology may be better.

Screen shot is attached

What do you all think?

Ewen :-)

[m0ng0d]

hey, tell me I was right in my thread  http://forums.comodo.com/index.php/topic,1102.0.html
 :

[panic]

hey, tell me I was right in my thread  http://forums.comodo.com/index.php/topic,1102.0.html
 :

You're spot on! I just found that changing the text made it so easy to get the knowledge across to the guys/gals at work.

So tell me, does the screen shot make it easier to understand/explain?

ewen :-)

[pandlouk]

Hi panic,

With the first 2 rules you have at the image the guys will have a lot of trouble during printing through Lan.

I agree that something like "me" or maybe "my IP x.x.x.x" could help the novice

[panic]

Hi panic,

With the first 2 rules you have at the image the guys will have a lot of trouble during printing through Lan.

I agree that something like "me" or maybe "my IP x.x.x.x" could help the novice

How come?
Those rules are the two rules generated by adding a trusted zone. I just changed the text labels.
Wouldn't these still work?

Ewen :-)

[pandlouk]

The 2nd rule is the main problem:

allows only incoming connections that are initiated by your machine.
If you send to print multiple pages, the first one will print just fine. But then the server will probably initiate a new incoming connection for informing your pc that has finished and can send him the second page. This probably will be blocked, since will be an incoming request with source your zone and destination your pc. And this is not covered by the rule:
In,my,zone,any

but is covered from the default:
In,any,zone,any

[panic]

The 2nd rule is the main problem:

allows only incoming connections that are initiated by your machine.
If you send to print multiple pages, the first one will print just fine. But then the server will probably initiate a new incoming connection for informing your pc that has finished and can send him the second page. This probably will be blocked, since will be an incoming request with source your zone and destination your pc. And this is not covered by the rule:
In,my,zone,any

but is covered from the default:
In,any,zone,any

Wouldn't the original print request be allowed by the first rule (allow, out, from me, to zone, any - where I am sending outbound an IP packet of some sort from my IP to another IP within the defined zone) and the subsequent request from the printer be covered by the second rule (allow, in, FROM ZONE, TO ME, any - where an IP address on the defined zone is sending some sort of IP packet to me)?

ewen :-)

[m0ng0d]

You're spot on! I just found that changing the text made it so easy to get the knowledge across to the guys/gals at work.

So tell me, does the screen shot make it easier to understand/explain?

ewen :-)

Even just having the [Me] replacements helps the understanding.

The 2nd rule is the main problem:

allows only incoming connections that are initiated by your machine.
If you send to print multiple pages, the first one will print just fine. But then the server will probably initiate a new incoming connection for informing your pc that has finished and can send him the second page. This probably will be blocked, since will be an incoming request with source your zone and destination your pc. And this is not covered by the rule:
In,my,zone,any

but is covered from the default:
In,any,zone,any

I've always set my printers to spool, then print... is this why i would have never seen this type of problem?  My PC would send the whole print job... and if anything was to come back, it would be to say the job was done... but I'm thinking that my spooler connected to the spooler of the print server would be taking care of that info routing... and not a "secondary" communication from the server.

[pandlouk]

Wouldn't the original print request be allowed by the first rule (allow, out, from me, to zone, any - where I am sending outbound an IP packet of some sort from my IP to another IP within the defined zone) and the subsequent request from the printer be covered by the second rule (allow, in, FROM ZONE, TO ME, any - where an IP address on the defined zone is sending some sort of IP packet to me)?

ewen :-)

Hi panic,
you are right about this.
My mistake, I must have been very tired when I wrote this.

[Tags:]