Author Topic: Tutorials - A Compiled Resource  (Read 91626 times)
Little Mac
Global Moderator
Posts: 6017

« Reply #15 on: February 06, 2007, 05:32:49 PM »

Default Network Rules (created by "Automatic" installation).  By pandlouk.

Here are the rules that are automatically created by CFP during the installation.

Rule #0
Action = Allow
Protocol = TCP or UDP
Direction = Out
Source IP = Any
Destination IP = Any
Source Port = Any
Destination Port = Any

Rule #1
Action = Allow
Protocol = ICMP
Direction = Out
Source IP = Any
Destination IP = Any
ICMP Details = ICMP Echo Request

Rule #2
Action = Allow
Protocol = ICMP
Direction = In
Source IP = Any
Destination IP = Any
ICMP Details = ICMP Fragmentation Needed

Rule #3
Action = Allow
Protocol = ICMP
Direction = In
Source IP = Any
Destination IP = Any
ICMP Details = ICMP Time Exceeded

Rule #4
Action = Allow
Protocol = IP
Direction = Out
Source IP = Any
Destination IP = Any
IP Details = GRE

Rule #5
Action = Block (create an alert if this rule is fired)
Protocol = IP
Direction = In/Out
Source IP = Any
Destination IP = Any
IP Details = Any


Interpreting Default Rules  By Little Mac

ID 0 Allows your computer to connect Outbound, as explained by m0ng0d
ID 1 Allows your computer to use Ping utilities Outbound (ping, traceroute, etc)
ID 2 Will Allow a message from the user's router to the computer that fragmentation is needed on an IP datagram; it is a subset of a Destination Unreachable message
ID 3 Will Allow a message from the user's router that an IP datagram was discarded due to it taking too long to reach destination or to be recompiled if fragmented; commonly used by traceroute to identify gateways
ID 4 Generic Routing Encapsulation has to do with IP tunneling and Virtual Private Networks; this rule Allows the computer Outbound connection using this protocol.
ID 5 This is your safety net; it must remain in the lowest/last position.  It will Block all traffic (whether In or Out) that has not previously been explicitly or implicitly Allowed.  If you add any rules below this rule, they will be blocked.


Using individual IP addresses.  By pandlouk.

Instead of using the secure zone you can create copies of rules for individual IPs. This is highly recommended for users with wifi networks.
For example:
If you have a network with 1 router (IP = x.x.x.1) and 3 PCs (IP pc1 = x.x.x.12, IP pc2 = x.x.x.120, pc3 = y.y.y.15) you should create the following rules (in the example we configure CFP on pc1):

Rule #0
Action = Allow
Protocol = IP
Direction = Out
Source IP = pc1
Destination IP = router
IP details = Any

Rule #1
Action = Allow
Protocol = IP
Direction = In
Source IP = router
Destination IP = pc1
IP details = Any

Rule #3
Action = Allow
Protocol = IP
Direction = Out
Source IP = pc1
Destination IP = pc2
IP details = Any

Rule #4
Action = Allow
Protocol = IP
Direction = In
Source IP = pc2
Destination IP = pc1
IP details = Any

Rule #5
Action = Allow
Protocol = IP
Direction = Out
Source IP = pc1
Destination IP = pc3
IP details = Any

Rule #6
Action = Allow
Protocol = IP
Direction = In
Source IP = pc3
Destination IP = pc1
IP details = Any

Rule #7 (serves for finding the other 2 pcs by searching their name)
Action = Allow
Protocol = UDP
Direction = In
Source IP = broadcast address of the router
Destination IP = pc1
Source Port = Any
Destination Port = Any

PS. For finding the broadcast address of the router you can use:
1. A simple subnet calculator like this one: http://net.apollo.lv/subnet.php
2. Or Advanced Subnet Calculator, a free program that is a little more difficult to understand: http://www.softpedia.com/get/Network-Tools/Misc-Networking-Tools/Advanced-Subnet-Calculator.shtml


Filesharing/p2p.  By pandlouk.

There are programs that need to accept incoming connections to function properly. Classic examples are filesharing applications like emule, azureus, utorrent, etc.

Let's use Emule and azureus as examples:

For Emule
1. Rule for TCP protocol

Action = Allow
Protocol = TCP
Direction = In
Source IP = Any
Destination IP = Any
Source port = Any
Destination port = TCP port of emule

2. Rule for UDP protocol

Action = Allow
Protocol = UDP
Direction = In
Source IP = Any
Destination IP = Any
Source port = Any
Destination port = UDP port of emule

For Azureus

Rule for TCP/UDP protocol
Action = Allow
Protocol = TCP or UDP
Direction = In
Source IP = Any
Destination IP = Any
Source port = Any
Destination port = TCP/UDP port of azureus

You should move these rules above the default Block IP In/Out rule.


Blocking Rules.  By pandlouk.

Since CFP has stateful inspection of the packets there are two rules for blocking IPs: one for blocking outgoing connections and one for blocking incoming connections.

1. Blocking outgoing connections
(this rule will prevent your computer from initiating a connection with a banned IP)

Action = Block
Protocol = TCP or UDP
Direction = Out
Source IP = Any
Destination IP = The IP you want to block
Source port = Any
Destination port = Any

2. Blocking incoming connections
(this rule will prevent a banned IP from initiating a connection with your computer)

Action = Block
Protocol = TCP or UDP
Direction = In
Source IP = The IP you want to block
Destination IP = Any
Source port = Any
Destination port = Any

You should move these rules above all the other rules for them to work properly.

PS. If you want to ban someone in p2p you will need the second rule.
If you want to prevent any communication with a banned IP, both rules are needed.


Blocking websites by URL.  By panic.

I just did a quick test and you can block a site by name.

The rule parameters are as follows:

Action : Block
Direction : In/Out
Source : Your LAN Zone or individual IP
Remote - Host : www.something_or_other.com
Protocol : Any

To make this rule work, I had to move it ABOVE the default ALLOW-IN-ZONE-ANY-ANY rule. If it was below this rule in the list the named site would not be blocked because it would be a valid response to an originating request. If the BLOCK rule is moved above the default rule, only the named site is blocked, other sites can still be accessed.
« Last Edit: September 12, 2007, 09:22:40 AM by Little Mac » Logged

date
dcfldd split=2G conv=noerror hashwindow=0 hash=md5 bs=32768 hashlog=/mnt/sda1/images/hash.log if=/dev/hda of=/mnt/sda1/images/LM.dd
date
cat LM.dd.* | md5sum > verify.log
date
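Every rule table in this reply shares one semantic: the Network Monitor walks the list from the top and the first matching rule decides. That is why Rule #5 must stay last, why the p2p rules have to be moved above it, and why panic's URL block only works above the zone Allow. The script below is an added example (mine, not code from the thread or from Comodo) that models that evaluation with a small Rule/Packet model of my own, runs constructed packets against pandlouk's default table, reports rules that sit below the catch-all Block and can never fire, and computes the router's broadcast address that Rule #7 of the individual-IP setup needs, using Python's ipaddress module in place of the calculators linked above. The probe addresses are documentation ranges, not real hosts.

```python
"""First-match evaluation of a Comodo Network Monitor style rule table.

Added example, not code from this thread or from Comodo: it models the default
rules pandlouk listed, evaluates constructed packets against them top-down, flags
rules placed below the catch-all Block (which can never fire, as Little Mac and
panic explain) and computes the subnet broadcast address Rule #7 above needs.
Class and field names and the sample addresses are mine.
"""
from dataclasses import dataclass
from ipaddress import ip_network
from typing import List, Optional

ANY = "Any"

@dataclass(frozen=True)
class Rule:
    action: str             # "Allow" or "Block"
    protocol: str           # "TCP", "UDP", "TCP or UDP", "ICMP" or "IP"
    direction: str          # "In", "Out" or "In/Out"
    src_ip: str = ANY
    dst_ip: str = ANY
    dst_port: object = ANY  # int, or ANY
    detail: str = ANY       # "ICMP Details" or "IP Details" (e.g. "GRE")

@dataclass(frozen=True)
class Packet:
    protocol: str           # "TCP", "UDP", "ICMP", "GRE", ...
    direction: str          # "In" or "Out", relative to this host
    src_ip: str
    dst_ip: str
    dst_port: Optional[int] = None
    detail: str = ANY       # ICMP message type for ICMP packets

def protocol_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.protocol == "IP":
        # An IP rule covers every protocol; IP Details narrows it (Rule #4: GRE only).
        return rule.detail in (ANY, pkt.protocol)
    if rule.protocol == "ICMP":
        return pkt.protocol == "ICMP" and rule.detail in (ANY, pkt.detail)
    return pkt.protocol in rule.protocol.split(" or ")

def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.direction not in ("In/Out", pkt.direction):
        return False
    if rule.src_ip not in (ANY, pkt.src_ip) or rule.dst_ip not in (ANY, pkt.dst_ip):
        return False
    if rule.dst_port not in (ANY, pkt.dst_port):
        return False
    return protocol_matches(rule, pkt)

def first_match(rules: List[Rule], pkt: Packet) -> Optional[int]:
    """Index of the first rule that fires, or None if the table is silent."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return i
    return None

def decide(rules: List[Rule], pkt: Packet) -> str:
    i = first_match(rules, pkt)
    return rules[i].action if i is not None else "NoMatch"

def unreachable_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules below a catch-all Block IP In/Out Any->Any (the thread's Rule #5)."""
    for i, r in enumerate(rules):
        if (r.action == "Block" and r.protocol == "IP" and r.direction == "In/Out"
                and r.src_ip == r.dst_ip == ANY and r.dst_port == ANY and r.detail == ANY):
            return list(range(i + 1, len(rules)))
    return []

def broadcast_address(host_ip: str, netmask: str) -> str:
    """Directed broadcast address of the subnet containing host_ip, for Rule #7."""
    return str(ip_network(f"{host_ip}/{netmask}", strict=False).broadcast_address)

# The six rules the Automatic installation creates, exactly as listed above.
DEFAULT_RULES = [
    Rule("Allow", "TCP or UDP", "Out"),                              # Rule #0
    Rule("Allow", "ICMP", "Out", detail="ICMP Echo Request"),         # Rule #1
    Rule("Allow", "ICMP", "In", detail="ICMP Fragmentation Needed"),  # Rule #2
    Rule("Allow", "ICMP", "In", detail="ICMP Time Exceeded"),         # Rule #3
    Rule("Allow", "IP", "Out", detail="GRE"),                         # Rule #4
    Rule("Block", "IP", "In/Out"),                                    # Rule #5
]

# Constructed probe packets; the addresses are documentation ranges, not real hosts.
WEB_OUT = Packet("TCP", "Out", "192.168.1.12", "203.0.113.10", 80)
P2P_IN = Packet("TCP", "In", "198.51.100.7", "192.168.1.12", 4662)
TTL_IN = Packet("ICMP", "In", "192.168.1.1", "192.168.1.12", detail="ICMP Time Exceeded")
GRE_OUT = Packet("GRE", "Out", "192.168.1.12", "203.0.113.20")

if __name__ == "__main__":
    for p in (WEB_OUT, P2P_IN, TTL_IN, GRE_OUT):
        print(p.direction, p.protocol, "-> rule", first_match(DEFAULT_RULES, p), decide(DEFAULT_RULES, p))
    # A p2p Allow appended below Rule #5 is dead; it has to be moved above the Block.
    misplaced = DEFAULT_RULES + [Rule("Allow", "TCP", "In", dst_port=4662)]
    print("dead rules:", unreachable_rules(misplaced), "verdict:", decide(misplaced, P2P_IN))
    print("broadcast:", broadcast_address("192.168.1.12", "255.255.255.0"))
```

Run as a script it prints which rule each probe hits; the dead-rule check is the sanity test worth running after reordering rules by hand, since a misplaced Allow produces no alert of its own, only the Block's.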
Little Mac

« Reply #16 on: March 08, 2007, 01:14:24 PM »

Tightening Firewall Rules by p2u

I solved my COMODO configuration problems as follows:
I'm on cable with D-Link FastEthernet Adapter, so I don't need DHCP. I also disabled Windows DNS Client service (every application makes a DNS query itself and only my two ISP's DNS servers are allowed as Destination addresses) + I also disabled a whole bunch of other useless services to such an extent, that svchost asks only access for Windows Update.

COMODO Network Monitor rules:

0. Allow TCP or UDP In or Out from NAME: paul (10.21.xx.xxx) to NAME: localhost (127.0.0.1) where source port is [Any] and destination port is [any]. (Loopback rule)

1. Allow and log UDP Out from NAME: paul (10.21.xx.xxx) to IP RANGE: xx.xxx.1.1 - xx.xxx.1.2 where source port is 1024-4999 and destination port is 53
(DNS rule for my 2 ISP DNS servers only)

2. Allow and log TCP Out from NAME: paul (10.21.xx.xxx) to [Any] where source port is 1024-4999 and destination port is IN [21,80,443]

3. Allow and log TCP Out from NAME: paul (10.21.xx.xxx) to [forum.kaspersky.com] 212.5.80.45  where source port is 1024-4999 and destination port is 90

4. Allow and log TCP Out from NAME: paul (10.21.xx.xxx) to [news.grc.com] 4.79.142.203  where source port is 1024-4999 and destination port is 119

5. Allow and log TCP Out from NAME: paul (10.21.xx.xxx) to [RANGE] 64.12.0.0 - 64.12.255.255 where source port is 1024-4999 and destination port is 5190

6. Allow and log TCP Out from NAME: paul (10.21.xx.xxx) to [RANGE] 205.188.0.0 - 205.188.255.255 where source port is 1024-4999 and destination port is 5190

7. Allow and log TCP Out from NAME: paul (10.21.xx.xxx) to [audio-mp3.ibiblio.org] 152.46.7.128  where source port is 1024-4999 and destination port is 8000

8. Allow and log TCP Out from NAME: paul (10.21.xx.xxx) to [us.drweb.com] 209.160.33.73  where source port is 1024-4999 and destination port is 64000-65535

9. Allow and log TCP Out from NAME: paul (10.21.xx.xxx) to 81.176.67.170 - 81.176.67.172  where source port is 1024-4999 and destination port is 64000-65535

10. Allow and log TCP Out from NAME: paul (10.21.xx.xxx) to [msk1.drweb.com] 192.168.255.255  where source port is 1024-4999 and destination port is 64000-65535

11. Allow and log TCP Out from NAME: paul (10.21.xx.xxx) to [msk4.drweb.com] 83.102.130.174 - 83.102.130.178  where source port is 1024-4999 and destination port is 64000-65535

12. Allow and log ICMP Out from NAME: paul (10.21.xx.xxx) to IP [Any] where ICMP message is ECHO REQUEST.

13. Block and log TCP/UDP In or Out from IP [Any] to IP [Any] where source port is [Any] and destination port is [Any].

14. Block and log ICMP In or Out from IP [Any] to IP [Any] where ICMP message is [Any].

15. Block and log IP In or Out from IP [Any] to IP [Any] where IPProto is [Any].

With these rules, even if I allow something by accident on the Application level, it will be blocked (I saw it in the logs). I'm on a LAN that is highly untrusted. No Trusted Zones have been defined, not even localhost.

Of course, on Application level everything is set to very high security, I don't consider safe what COMODO considers safe (no offense meant), and I don't skip the loopback check. I think these are the maximum settings you can apply. Anything more is redundant and might even weaken the firewall's protection strength. Of course, I have 'Application Behaviour Analysis' and 'Component Monitor' enabled (I can't imagine security without them). 'Enable Alerts' is 'On'. This only gives stress during the very first day when you have to set up all the rules for all applications...
Logged

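pandlouk's Blocking Rules in the previous reply rest on the same fact p2u's table relies on here: CFP tracks connection state, so replies to a connection that a rule has allowed are admitted as "a valid response to an originating request" (panic's phrase), and a Block rule is only consulted for the packet that opens a connection. The model below is an added example, not code from the thread or from Comodo. It assumes the state table is consulted before the rule list, and reduces a rule to (action, direction, remote IP), which is all the two Blocking Rules use; the hosts and the packet trace are constructed. It replays the trace twice: with only the Out block in place, the banned peer can still connect inbound through a p2p Allow In rule and this host's answers ride on that state, which is why pandlouk says p2p bans need the second rule; with both blocks, the peer's opening packet is dropped and nothing follows.

```python
"""Stateful inspection and the two Blocking Rules from this thread.

Added example, not code from the thread or from Comodo. It models the behaviour
pandlouk and panic describe: replies to a connection a rule allowed are admitted
because of the recorded state, so a Block rule is consulted only for the packet
that opens a connection. The model assumes the state table is checked before the
rule list; the rule shape, addresses and trace are constructed.
"""
from dataclasses import dataclass
from typing import List, Set, Tuple

@dataclass(frozen=True)
class Segment:
    direction: str      # "In" or "Out", relative to this host
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False   # True for the packet that opens a TCP connection

# (action, direction, remote IP); "Any" matches every address; first match wins.
Rule = Tuple[str, str, str]
Conn = Tuple[str, int, str, int]   # (local_ip, local_port, remote_ip, remote_port)

def rule_decision(rules: List[Rule], seg: Segment) -> str:
    remote = seg.dst_ip if seg.direction == "Out" else seg.src_ip
    for action, direction, remote_ip in rules:
        if direction == seg.direction and remote_ip in ("Any", remote):
            return action
    return "Block"   # the terminal "Block IP In/Out" every table in the thread ends with

def conn_key(seg: Segment) -> Conn:
    """Normalise a packet to the connection it belongs to, seen from this host."""
    if seg.direction == "Out":
        return (seg.src_ip, seg.src_port, seg.dst_ip, seg.dst_port)
    return (seg.dst_ip, seg.dst_port, seg.src_ip, seg.src_port)

class StatefulFilter:
    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.states: Set[Conn] = set()

    def filter(self, seg: Segment) -> str:
        key = conn_key(seg)
        if key in self.states:
            return "Allow (established)"   # reply traffic: the rule list is not consulted
        if not seg.syn:
            return "Block (no state)"      # mid-stream packet for an unknown connection
        verdict = rule_decision(self.rules, seg)
        if verdict == "Allow":
            self.states.add(key)           # remember the connection the rule opened
        return verdict

def run_trace(rules: List[Rule], trace: List[Segment]) -> List[str]:
    fw = StatefulFilter(rules)
    return [fw.filter(seg) for seg in trace]

# Constructed hosts (documentation ranges) and rule fragments.
LOCAL, WEB, BANNED = "10.21.0.5", "203.0.113.80", "198.51.100.9"
BLOCK_OUT = [("Block", "Out", BANNED)]                          # pandlouk's rule 1
BLOCK_IN = [("Block", "In", BANNED)]                            # pandlouk's rule 2
P2P_ALLOW = [("Allow", "Out", "Any"), ("Allow", "In", "Any")]   # default Out + p2p In rule

# Constructed trace: a web fetch and its reply, then the banned peer connects to
# the p2p port, this host answers it, and finally this host tries to call the peer.
TRACE = [
    Segment("Out", LOCAL, 1025, WEB, 80, syn=True),
    Segment("In", WEB, 80, LOCAL, 1025),
    Segment("In", BANNED, 51000, LOCAL, 4662, syn=True),
    Segment("Out", LOCAL, 4662, BANNED, 51000),
    Segment("Out", LOCAL, 1026, BANNED, 4662, syn=True),
]

if __name__ == "__main__":
    for name, rules in (("Block Out only", BLOCK_OUT + P2P_ALLOW),
                        ("Block Out + Block In", BLOCK_OUT + BLOCK_IN + P2P_ALLOW)):
        print(name)
        for seg, verdict in zip(TRACE, run_trace(rules, TRACE)):
            print(f"  {seg.direction:3} {seg.src_ip}:{seg.src_port} -> {seg.dst_ip}:{seg.dst_port}  {verdict}")
```

The fourth packet is the one to watch: with only the Out block, it is this host talking to the banned address and it passes anyway, because the state created by the peer's inbound connection is found before any rule is read.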
Little Mac

« Reply #17 on: April 13, 2007, 02:17:30 PM »

Set and Forget Setup by Little Mac

If you want a "set and forget" firewall, here's the basic "how to" ~

Install with Automatic - do not select the "Advanced" install (this requires manual configuration and will likely cause you headaches down the road).  Note:  Be sure to turn off/disable any Active/Real-Time security applications - antivirus, antispyware, HIPS, etc prior to installing or uninstalling, as they are likely to conflict and cause problems.

After reboot, Go to Security/Advanced/Miscellaneous, and move the Alert Frequency from Low to Very Low (this will make sure you only get one prompt per application); be sure to leave "Do not show alerts for applications certified by Comodo" checked.  Then go to Security/Tasks/Scan for Known Applications. Follow the prompts, reboot when finished.

If you are using MS's Internet Connection Sharing (ICS - you have multiple "client" computers connected to the internet through one "host" computer), or if you are using File or Print Sharing behind a router, you will want to run the Network Wizard.  Go to Security/Tasks/Create a Zone to set up a Zone to encompass your computers/printer, etc (wherever you need to share access); the defaults should work, although they're a broad range.  Then go to Security/Tasks/Define a New Trusted Network; use the Zone you've created.  This will add two rules to the top of the Network Monitor, in positions Rule ID 0 & 1.  One will Allow IP Out from Any to Zone, the next will Allow IP In from Zone to Any.

That should be all you need.  Please don't feel like you need to "tweak" the network rules if you don't have a good grasp of how they work; since this defines how everything communicates.

If you have some specialized applications (games, p2p, etc), you may need some specific application and network rules.  Other than that, probably no less than 90% of your stuff should run with no more than a popup.  Any time you get a popup for an application that needs to connect, just click the box for "Remember" and then Allow (provided you want it to connect); this will create an Application Monitor rule for it, and you shouldn't be bothered again unless something changes (see Application Behavior Analysis).

With Application Behavior Analysis turned on, you may get alerts about an application somehow interacting with another, even after one of those applications has been closed.  This is normal, as it's due to the way Windows operates.  The general rule of thumb is that if you recognize both applications it is safe to Allow.  It's when you don't know both apps that you should be concerned, and Deny (then start finding out what's going on).  If both applications are on Comodo's safelist, you won't see these alerts.

Note:  By using Very Low for Alert Frequency, this decreases the level of detail for each popup and associated Application Rule to application-only.  No Direction, Port, Protocol, or IP info is included.  Thus, if you create a custom rule for an application to include any of this additional detail, it will be overwritten (or an additional rule created) the first time you respond to any popup concerning that application - such as if it updates.  This new rule will be very general, where your previous was more specific.  If you want to continue to use something more specific, you will have to edit the rule; once edited (until the next change), the FW should accept and utilize your details for that application.
« Last Edit: June 27, 2007, 10:00:05 AM by Little Mac » Logged

Little Mac

« Reply #18 on: May 29, 2007, 02:51:00 PM »

Screenshots - Capturing and Posting by gordon

How to take a screenshot, upload it to an image host and
post it on a board (like Comodo's Forum)

Sometimes a picture says more than a thousand words. Screenshots can be a great
help when describing a problem with, for example, your network rules.

Taking the screenshot:

First: You should get a specialized program to take screenshots, because
it is much more flexible than the built-in Windows "PrtScn" request
that only allows you to take a picture of the entire screen and by default uses
an inferior file format. Using a screenshot program you can control exactly what to
capture and the file format (quality) to save it in.

I highly recommend the FREE program "FastStone Capture", available for
free legal download here: http://www.faststone.org/FSCaptureDetail.htm
Here is a screenshot showing you what it looks like:

You can change the default hotkeys, save directory, file format and other options
by clicking "Settings".

To take a screenshot of your network rules, simply open "Network Monitor"
so it is the active window and press "Shift + PrtScn".
This will take the screenshot and open the image in "FastStone Editor", a basic image editor.
Edit the image if you like, then save it (to somewhere you can remember).
You should save in either "PNG" (best quality), "GIF" or "JPEG" (smaller file size, acceptable quality)
if you want to post the image on a board.
Never use the "BMP" format for online display; most boards won't show BMP.

Uploading your screenshot to a free image-hosting service:

An image-hosting service allows you to upload an image (or images) to a server
and generates a URL (address) for each image.
You then provide the URL in your forum post and the image is displayed in your post.
Or you could give the URL to friends/family and they could see your holiday pics by entering the URL
in their browser... As you can see, image hosting can be used for many things.
There are many different free hosting services to choose from; these are just a few of them:

http://www.imageshack.us/
http://www.photobucket.com/
http://www.thesighost.com/
http://www.hidebehind.com/
http://www.photojerk.com/

You will need to register an account with most hosting services.

Imageshack is quite easy to use, provides "clickable thumbnails",
has a toolbar for IE users, and there is a great Firefox extension named "ImageBot":
https://addons.mozilla.org/firefox/1174/

Posting your image:

Just write the post and insert (copy & paste) the URL for the image.
The URLs are usually pre-formatted, so you don't need to click "insert image".
You can tell if the URL is pre-formatted by making sure it looks something like this:

Code:
[img]urltoyourimage[/img]

Remember to use the "preview post" function that most boards offer.
If your image doesn't show in the preview it's usually because the formatting of the URL is wrong;
the most common problem is a missing [img] bb-code, or a doubled one.

Some boards may have rules for image posting; always read the board rules first!
Remember that images require bandwidth: try to keep the file size as small as possible
and the image size at max. 640x480, or use clickable thumbnails for large images.

Attaching in Comodo Forums by Little Mac

Also, with Comodo's forums, you are not limited to including the images in your post; you may attach the files to your post under Additional Options.  In this way you don't need web-hosting; you can do a direct upload to the forum.

Additional Options is shown in bold red text under the textbox of each post you do (see attached screenshot); when you click that, it will provide a box where you can browse to your locally-saved file; if you need to upload more than one, click the "(more attachments)" for each attachment (see 2nd screenshot).


Moderator's Note:  Please see original topic linked above for the posted screenshots; I didn't think they needed to take up space twice...

Using MS Paint by Toggie

If you don't wish to install an additional program to capture screen shots, you can easily use the PrintScreen function in Windows:

To capture the whole screen, simply press the PrintScrn button (just right of the F12 key)

This will create an image of everything on the entire screen. It then copies that image to the Windows clipboard.

Next, Go to the Start Menu/Run and type mspaint [press enter]
In mspaint, select Edit and then paste. (you can also use <ctrl + v>) You should see the image of your screen in the main window. At this point, you could edit the image, before saving.
Select the File menu, then 'Save As'
Give the file a name and from the 'Save as type', choose PNG
You now have a screen capture.

To select only the active window using this method, press the <Alt> key with PrintScrn.


« Last Edit: June 11, 2007, 10:35:30 AM by Little Mac » Logged
