Author Topic: Summary of Network rules  (Read 14879 times)
pandlouk
I love Comodo
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 2240


Panagiotis


« on: January 15, 2007, 04:03:16 PM »

Since a lot of members get confused with the Network rules, I decided to create this topic to gather the various rules in one place.
« Last Edit: January 15, 2007, 04:10:40 PM by pandlouk »
pandlouk
« Reply #1 on: January 15, 2007, 04:04:19 PM »

Here are the rules that are automatically created by CFP during the installation.

Rule #0
Action = Allow
Protocol = TCP or UDP
Direction = Out
Source IP = Any
Destination IP = Any
Source Port = Any
Destination Port = Any

Rule #1
Action = Allow
Protocol = ICMP
Direction = Out
Source IP = Any
Destination IP = Any
ICMP Details = ICMP Echo Request

Rule #2
Action = Allow
Protocol = ICMP
Direction = In
Source IP = Any
Destination IP = Any
ICMP Details = ICMP Fragmentation Needed

Rule #3
Action = Allow
Protocol = ICMP
Direction = In
Source IP = Any
Destination IP = Any
ICMP Details = ICMP Time Exceeded

Rule #4
Action = Allow
Protocol = IP
Direction = Out
Source IP = Any
Destination IP = Any
IP Details = GRE

Rule #5
Action = Block (create an alert if this rule is fired)
Protocol = IP
Direction = In/Out
Source IP = Any
Destination IP = Any
IP Details = Any
pandlouk
« Reply #2 on: January 15, 2007, 04:05:54 PM »

Instead of using the secure zone you can create copies of rules for individual IPs. This is highly recommended for users with wifi networks.
For example:
If you have a network with 1 router (IP = x.x.x.1) and 3 PCs (IP pc1 = x.x.x.12, IP pc2 = x.x.x.120, IP pc3 = y.y.y.15), you should create the following rules (in the example we configure CFP on pc1):

Rule #0
Action = Allow
Protocol = IP
Direction = Out
Source IP = pc1
Destination IP = router
IP details = Any

Rule #1
Action = Allow
Protocol = IP
Direction = In
Source IP = router
Destination IP = pc1
IP details = Any

Rule #3
Action = Allow
Protocol = IP
Direction = Out
Source IP = pc1
Destination IP = pc2
IP details = Any

Rule #4
Action = Allow
Protocol = IP
Direction = In
Source IP = pc2
Destination IP = pc1
IP details = Any

Rule #5
Action = Allow
Protocol = IP
Direction = Out
Source IP = pc1
Destination IP = pc3
IP details = Any

Rule #6
Action = Allow
Protocol = IP
Direction = In
Source IP = pc3
Destination IP = pc1
IP details = Any

Rule #7 (used for finding the other 2 PCs by searching for their name)
Action = Allow
Protocol = UDP
Direction = In
Source IP = broadcast address of the router
Destination IP = pc1
Source Port = Any
Destination Port = Any

ps. For finding the broadcast address of the router you can use:
1. A simple subnet calculator like this one: http://net.apollo.lv/subnet.php
2. or Advanced Subnet Calculator, a free program that is a little more difficult to understand: http://www.softpedia.com/get/Network-Tools/Misc-Networking-Tools/Advanced-Subnet-Calculator.shtml
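The rule set described in this reply, as an added example that is not part of the original post and not Comodo's or pandlouk's code: it computes the router's broadcast address (the step the post delegates to a subnet calculator) and generates the Allow IP Out/In pair for the router and for each trusted PC, followed by the inbound UDP rule from the broadcast address. The addresses 192.168.1.x, 10.0.0.15 and the /24 mask are constructed stand-ins for the x.x.x.* and y.y.y.* placeholders; the function names are my own.

```python
"""Broadcast address and per-host rule pairs (added example, not Comodo's or
pandlouk's code). Generates the rule set of Reply #2 for one PC: an Allow IP
Out/In pair for the router and for each trusted PC, then the inbound UDP rule
from the router's broadcast address. Addresses are constructed stand-ins for
the x.x.x.* / y.y.y.* placeholders in the post."""
import ipaddress
from typing import Dict, List, Tuple

ANY = "Any"

def broadcast_address(ip: str, mask: str) -> str:
    """Broadcast address of the subnet `ip` lives in.

    `mask` is a dotted netmask ("255.255.255.0") or a prefix length ("24");
    this is the calculation the subnet calculators in the post perform.
    """
    return str(ipaddress.ip_interface(f"{ip}/{mask}").network.broadcast_address)

def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """True when both hosts share one subnet, so a broadcast reaches both."""
    return ipaddress.ip_address(ip_b) in ipaddress.ip_interface(f"{ip_a}/{mask}").network

def peer_rules(local: str, peer: str) -> List[Dict[str, str]]:
    """The Out/In pair that lets `local` exchange any IP traffic with `peer`."""
    return [
        {"Action": "Allow", "Protocol": "IP", "Direction": "Out",
         "Source IP": local, "Destination IP": peer, "IP details": ANY},
        {"Action": "Allow", "Protocol": "IP", "Direction": "In",
         "Source IP": peer, "Destination IP": local, "IP details": ANY},
    ]

def build_ruleset(local: str, mask: str, router: str,
                  peers: List[str]) -> Tuple[List[Dict[str, str]], List[str]]:
    """Rule list for `local`, plus the peers the broadcast rule cannot reach.

    A peer on another subnet (pc3 = y.y.y.15 in the post) still gets its unicast
    pair, but name lookups via the router's broadcast address will not find it.
    """
    rules = peer_rules(local, router)
    off_subnet = []
    for peer in peers:
        rules += peer_rules(local, peer)
        if not same_subnet(local, peer, mask):
            off_subnet.append(peer)
    rules.append({"Action": "Allow", "Protocol": "UDP", "Direction": "In",
                  "Source IP": broadcast_address(router, mask),
                  "Destination IP": local, "Source Port": ANY, "Destination Port": ANY})
    return rules, off_subnet

def format_rule(index: int, rule: Dict[str, str]) -> str:
    """Render one rule in the "Field = value" layout used in the thread."""
    return "\n".join([f"Rule #{index}"] + [f"{k} = {v}" for k, v in rule.items()])

if __name__ == "__main__":
    PC1, PC2, PC3 = "192.168.1.12", "192.168.1.120", "10.0.0.15"   # constructed
    ROUTER, MASK = "192.168.1.1", "255.255.255.0"                   # constructed
    rules, off_subnet = build_ruleset(PC1, MASK, ROUTER, [PC2, PC3])
    for i, rule in enumerate(rules):
        print(format_rule(i, rule), end="\n\n")
    print("peers the broadcast rule cannot reach:", off_subnet)     # ['10.0.0.15']
```

Per-IP rules like these only stay valid while the addresses do: if the router hands out addresses by DHCP, reserve them for the trusted PCs, otherwise a renewed lease silently falls through to the block rule.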
pandlouk
« Reply #3 on: January 15, 2007, 04:07:15 PM »

There are programs that need to accept incoming connections to function properly. A classic example is filesharing applications like emule, azureus, utorrent, etc.

Let's use Emule and azureus as examples:

For Emule
1. Rule for TCP protocol

Action = Allow
Protocol = TCP
Direction = In
Source IP = Any
Destination IP = Any
Source port = Any
Destination port = TCP port of emule

2. Rule for UDP protocol

Action = Allow
Protocol = UDP
Direction = In
Source IP = Any
Destination IP = Any
Source port = Any
Destination port = UDP port of emule

For Azureus

Rule for TCP/UDP protocol
Action = Allow
Protocol = TCP or UDP
Direction = In
Source IP = Any
Destination IP = Any
Source port = Any
Destination port = TCP/UDP port of azureus

You should move these rules above the default Block IP IN/OUT rule.
pandlouk
« Reply #4 on: January 15, 2007, 04:08:59 PM »

Since CFP has stateful inspection of the packets, there are two rules for blocking IPs: one for blocking outgoing connections and one for blocking incoming connections.

1. Blocking outgoing connections
(this rule will prevent your computer from initiating a connection with a banned IP)

Action = Block
Protocol = TCP or UDP
Direction = Out
Source IP = Any
Destination IP = The IP you want to block
Source port = Any
Destination port = Any

2. Blocking incoming connections
(this rule will prevent a banned IP from initiating a connection with your computer)

Action = Block
Protocol = TCP or UDP
Direction = In
Source IP = The IP you want to block
Destination IP = Any
Source port = Any
Destination port = Any

You should move these rules above all the other rules for them to work properly.

ps. If you want to ban someone in p2p you will need the second rule.
If you want to prevent any communication with a banned IP, both rules are needed.
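The ordering advice in Replies #1, #3 and #4 comes down to one mechanism: the rule list is consulted top to bottom and the first match decides. The following is an added example, not Comodo's code and not pandlouk's: a small model of that lookup built from the six installation rules in Reply #1, with the eMule allow rules of Reply #3 and the ban pair of Reply #4 placed above and below the final Block IP In/Out rule. It also flags rules that can never fire because an earlier rule already covers everything they match, which is what happens when an allow rule is left below the default block. The `Rule`/`Packet` names, the peer addresses and the ports 4662/4672 are constructed for the example; stateful tracking of reply packets is not modelled, only the rule-list lookup.

```python
"""First-match evaluation of an ordered CFP-style rule list (added example, not
Comodo's code). Models the default rules from Reply #1 to show why order matters
for Replies #3 and #4: allow rules for listening applications go above the final
Block IP In/Out rule, per-IP block rules go above everything. Addresses and ports
are constructed for the example."""
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

ANY = "Any"

@dataclass(frozen=True)
class Rule:
    action: str                   # "Allow" or "Block"
    protocol: str                 # "TCP", "UDP", "TCP or UDP", "ICMP" or "IP"
    direction: str                # "In", "Out" or "In/Out"
    src_ip: str = ANY
    dst_ip: str = ANY
    dst_port: Union[int, str] = ANY
    detail: str = ANY             # the "ICMP Details" / "IP Details" column
    note: str = ""

@dataclass(frozen=True)
class Packet:
    protocol: str                 # "TCP", "UDP", "ICMP", "GRE", ...
    direction: str                # "In" or "Out"
    src_ip: str
    dst_ip: str
    dst_port: Optional[int] = None
    detail: Optional[str] = None  # ICMP message type, e.g. "ICMP Echo Request"

def _proto_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.protocol == "IP":     # every IP protocol unless "IP Details" narrows it (GRE)
        return rule.detail in (ANY, pkt.protocol)
    if rule.protocol == "ICMP":   # "ICMP Details" narrows the rule to one message type
        return pkt.protocol == "ICMP" and rule.detail in (ANY, pkt.detail)
    return pkt.protocol in rule.protocol.split(" or ")

def matches(rule: Rule, pkt: Packet) -> bool:
    return (_proto_matches(rule, pkt)
            and rule.direction in ("In/Out", pkt.direction)
            and rule.src_ip in (ANY, pkt.src_ip)
            and rule.dst_ip in (ANY, pkt.dst_ip)
            and rule.dst_port in (ANY, pkt.dst_port))

def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[Optional[str], int]:
    """Action and index of the first matching rule; (None, -1) if nothing matches."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i
    return None, -1

def _covers(a: Rule, b: Rule) -> bool:
    """True when every packet that rule b could match is already matched by rule a."""
    if a.protocol == "IP":
        proto_ok = a.detail in (ANY, b.protocol)
    elif a.protocol == "ICMP":
        proto_ok = b.protocol == "ICMP" and a.detail in (ANY, b.detail)
    else:
        proto_ok = (b.protocol not in ("IP", "ICMP")
                    and set(b.protocol.split(" or ")) <= set(a.protocol.split(" or ")))
    return (proto_ok and a.direction in ("In/Out", b.direction)
            and a.src_ip in (ANY, b.src_ip) and a.dst_ip in (ANY, b.dst_ip)
            and a.dst_port in (ANY, b.dst_port))

def find_shadowed(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule covers them."""
    return [j for j in range(len(rules)) if any(_covers(rules[i], rules[j]) for i in range(j))]

# The six rules CFP creates at installation, as listed in Reply #1.
DEFAULT_RULES = [
    Rule("Allow", "TCP or UDP", "Out", note="#0"),
    Rule("Allow", "ICMP", "Out", detail="ICMP Echo Request", note="#1"),
    Rule("Allow", "ICMP", "In", detail="ICMP Fragmentation Needed", note="#2"),
    Rule("Allow", "ICMP", "In", detail="ICMP Time Exceeded", note="#3"),
    Rule("Allow", "IP", "Out", detail="GRE", note="#4"),
    Rule("Block", "IP", "In/Out", note="#5 default deny, alerts when fired"),
]

def emule_rules(tcp_port: int, udp_port: int) -> List[Rule]:
    """The two inbound allow rules from Reply #3 (ports are eMule's listening ports)."""
    return [Rule("Allow", "TCP", "In", dst_port=tcp_port, note="eMule TCP"),
            Rule("Allow", "UDP", "In", dst_port=udp_port, note="eMule UDP")]

def ban_rules(ip: str) -> List[Rule]:
    """The outgoing/incoming block pair from Reply #4 for one banned IP."""
    return [Rule("Block", "TCP or UDP", "Out", dst_ip=ip, note="ban out"),
            Rule("Block", "TCP or UDP", "In", src_ip=ip, note="ban in")]

if __name__ == "__main__":
    inbound = Packet("TCP", "In", "203.0.113.7", "192.168.1.12", 4662)  # constructed peer
    above = DEFAULT_RULES[:5] + emule_rules(4662, 4672) + DEFAULT_RULES[5:]
    below = DEFAULT_RULES + emule_rules(4662, 4672)
    print("eMule rules above Block IP In/Out:", evaluate(above, inbound))  # ('Allow', 5)
    print("eMule rules below Block IP In/Out:", evaluate(below, inbound))  # ('Block', 5)
    print("rules that can never fire in that list:", find_shadowed(below))  # [6, 7]
    print("default rule #5 deleted, nothing matches:", evaluate(DEFAULT_RULES[:5], inbound))  # (None, -1)
    banned = ban_rules("203.0.113.9") + above
    print("outbound to banned IP:", evaluate(banned, Packet("TCP", "Out", "192.168.1.12", "203.0.113.9", 80)))  # ('Block', 0)
```

The `find_shadowed` check is the part worth keeping around: a rule list in which an allow rule sits below Block IP In/Out looks complete in the GUI but the allow rule is dead, and the same check shows why the ban pair has to sit above rule #0 (Allow TCP or UDP Out), which would otherwise allow the outbound connection first. Deleting rule #5 instead, as one reader below did, leaves inbound packets matching nothing at all, so the host loses its default deny rather than gaining a trusted zone.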
pandlouk
« Reply #5 on: January 15, 2007, 04:09:58 PM »

Here is an image of all the above rules together.
AOwL
Comodo SuperHero
Global Moderator
Comodo's Hero
*****
Offline Offline

Posts: 2349


Comodo Firewall Pro - Be safe, use protection...


WWW
« Reply #6 on: January 15, 2007, 04:17:05 PM »

Great work Pandlouk!

(just delete my post if it's in the way of your rules...)

Sweet pandlouk, very nice. I wouldn't ruin your FAQ.

Edit: Don't mess with my posts Kail!
« Last Edit: January 24, 2007, 07:04:19 AM by AOwL »

WinXP SP2 HE - IE7 - FF 2 - TB - CFP 2.4 - NOD32 - BoClean -ST - AMD64x2 - 3Gb Ram - 1.5Tb HD
pandlouk
« Reply #7 on: January 16, 2007, 04:48:40 AM »

Great work Pandlouk!

(just delete my post if it's in the way of your rules...)

Sweet pandlouk, very nice. I wouldn't ruin your FAQ.
Hehe.
Thanks AOwL, but it cannot compare with your noob guide.

ps. Anyone can post here. I had locked it temporarily to be able to put those rules one after another without interruptions.
Simplicity
Comodo Family Member
***
Offline Offline

Posts: 83



« Reply #8 on: January 31, 2007, 05:38:49 PM »

Newbie here

I installed Comodo on 2 of my computers last night and promptly lost my home network (the Internet still worked on both computers though).
I stumbled my way through the menus and found this last option you put in the message...
As soon as I deleted that rule from both computers I found my computers would talk to each other again...
Please tell me I haven't done something very wrong..

Rule #5
Action = Block (create an alert if this rule is fired)
Protocol = IP
Direction = In/Out
Source IP = Any
Destination IP = Any
IP Details = Any

AOwL
« Reply #9 on: January 31, 2007, 05:56:56 PM »

Welcome to the forum

You have done something very wrong... shame on you...
Put that back immediately!

Have you made a trusted zone/network? (security/tasks)
Simplicity
« Reply #10 on: January 31, 2007, 06:00:54 PM »

Ooopppsss
Will copy the line from this thread in an attempt to put it back again..

Trusted Zone??? - Ummm, all I did was install the program; I chose the automatic thing on install, so I thought that would set things up..

I think I might uninstall the firewall from both computers and then reinstall it again, that way anything I touched will be gone, then I can look for the trusted zone thing

Thank you very much for your reply

Welcome to the forum
You have done something very wrong... shame on you...
Put that back immediately!
Have you made a trusted zone/network? (security/tasks)
« Last Edit: January 31, 2007, 06:03:25 PM by Simplicity »

pandlouk
« Reply #11 on: January 31, 2007, 06:04:17 PM »

You can use the wizard for the trusted zone, or you can build a more Restricted Secure Zone http://forums.comodo.com/index.php/topic,5340.msg39466.html#msg39466, which is more secure for wifi connections.
Simplicity
« Reply #12 on: January 31, 2007, 06:15:00 PM »

Thanks for the reply, much appreciated..
As I said above, I am going to uninstall and then reinstall, that way things will be back to the way they were, then I will try that wizard to see if I can get my computers talking again..
I presume there is a way to have it set up to allow a port range (eg: 192.168.*.*) in it, as I have noticed in the past that sometimes the IP addresses of my computers change.
Anyway, will give it a go and see what happens (I'm not too technical, because at 52 yrs old my brain takes a while to figure things out)

You can use the wizard for the trusted zone, or you can build a more Restricted Secure Zone http://forums.comodo.com/index.php/topic,5340.msg39466.html#msg39466, which is more secure for wifi connections.

Simplicity
« Reply #13 on: January 31, 2007, 06:40:07 PM »

Well thank you both for your help, I reinstalled the firewall on both computers, ran that Wizard and now have my computers talking to each other again..
The Wizard was really easy to do, wasn't as bad as I thought it would be.. Very straightforward..

Since you people around here are so friendly and helpful, methinks I will uninstall AVG and install your antivirus as well

Geekboy
Newbie
*
Offline Offline

Posts: 6


« Reply #14 on: May 17, 2007, 06:22:45 AM »

Hi pandlouk

Thanks for the rules. I have also read M0ng0d's article on network rules with no joy in solving my problem.
I have just installed CPF on my desktop and have been attempting a setup to enable an ad-hoc wireless connection from my laptop using the trusted zone wizard. With CPF set to 'allow all' the wireless network adapters communicate, the laptop is assigned a 192.168.0.x IP address and I am able to surf the net. Putting CPF back to 'custom' still enables the internet connection. Great.
My problem is getting the wireless adapters to communicate while CPF is in the normal custom mode. The desktop wireless adapter is manually configured to 192.168.0.1 etc., but the laptop gets no communication and defaults to a 169.254.x.x IP address.

I have put the desktop wireless adapter in the trusted zone with the 192.168.0.0/255 range and left the ethernet adapter in the internet zone. I assume that is correct.
My rules seem to agree with what has been written so I assume I am missing something obvious.

Any help appreciated Comodo Rocks