How To - Understanding & Creating Network Control Rules properly

[Guest]

[xarienne]

Hi There,

You all were very kind back in December in helping me make sure my NetCon rules were correct/secure.

But, alas, last week that particular computer decided its time with this world was done and, since my new computer has Vista, I've recently upgraded to CFPv3.

I've done the best I can with setting up my Application and Global Rules (based on what I'd had in v2.4), but must admit to some confusion with the new "Network Security Policy" area.

At this point, this is what I've ended up with (attached).

Could someone take a look through and let me know if there are any suggested changes I should make?

Many thanks, xari.

[panic]

Looks good. Nice compact set of global network rules. I'd double check whether Windows Sidebar really needs outbound access, though.

[xarienne]

Looks good. Nice compact set of global network rules. I'd double check whether Windows Sidebar really needs outbound access, though.

Will do. Thanks so much!  --xari.

[And I like your sig!]

[BuzzandWoody69]

Hi, first off can I say m0ng0d great post!  Its helping, me understand a lot.
Can I ask which verison you are currently using and why?

I'm new to Comodo and I'm still finding me way through "my new firewall world2!!! 
It would be very helpful tho, if you could update your post with a new guide for us newbie's for the latest verison!

Thanks again!

[Josh123]

Hi, first off can I say m0ng0d great post!  Its helping, me understand a lot.
Can I ask which verison you are currently using and why?

I'm new to Comodo and I'm still finding me way through "my new firewall world2!!! 
It would be very helpful tho, if you could update your post with a new guide for us newbie's for the latest verison!

Thanks again!

Hi BuzzandWoody69 & Welcome to the Forums! 

The latest version can be found here

Version 3.0.21.329 is currently the latest. Release notes can be found here

Josh

[BuzzandWoody69]

Thanks for your reply Josh!

[m0ng0d]

wow... almost 2 years later and this post is still helpful    That is just awesome!

It just doesn't seem all that long ago that I spent 4-5 hours laying out, building, and tweaking this guide until I was happy with it... but when the lights came on when I finally "got it", I just had to write it down... I think the hardest part was looking past all the formatting code while I was writing/re-reading it... if you think the final output is long... you should see the complete code behind it...
 

I must confess though, I am still amazed that it receives less hits than pandlouk's Emule and bittorent tuttorials

[panic]

Quality, unlike you or I, doesn't age. 

[eldoctor]

Hello...

Hope it is the right place to post my question.

I was happy to find a free firewall that I could use on vista x64.

Anyway, there must be something I don't get :

I am using Comodo Firewall 3.0.22.439, in custom policy mode.
I have a local network : 192.168.0.12/255.255.255.0 (my comodo computer is 12).

In network security policy, I have one global rule :
"Allow All Incoming Requests If The Sender Is  In [Local Area Network #1]". Local Area Network #1 is 192.168.0.12/255.255.255.0.

When 192.168.0.11 starts a vnc connexion to 192.168.0.12, Comodo FW on 192.168.0.12 tries to learn application behaviour (incoming) for winvnc4.exe.
I would have thought that my global rule would have covered this case...

Anything I got wrong?


Thanks!

[panic]

G'day and welcome to the forums.

What is happening on your system is actually what is supposed to happen.

The network security policies determine HOW something can get in or out.
The application rules determine WHAT can get out. 

Your global rule covers the fact that a port needs to be opened. The application side of things is monitoring what application is using that opened port. If no application is running, CFP will stelath the port, even if you have a rule that says it is needed.

Think of this as "adaptive stealthing".

Hope this helps,
Ewen :-)

[eldoctor]

Well... Not easy...

Anyway, with your help and the online help also (should have looked there first ), I think I will manage it...

[Tags:]