Author Topic: CIS Firewall - Block Global Incoming Connections except for allowed applications  (Read 570 times)

Offline showstoppre

  • Newbie
  • *
  • Posts: 5
Hi, I'm trying to block all inbound connections except for one application.

Is there a way to achieve that?

I tried these steps.

Firewall Tasks -> Stealth Ports -> Block incoming connections, which added a global rule to block all inbound.

Settings -> Firewall -> Application rules -> Treat as allowed application

But inbound is still blocked for that app. It works when I turn off firewall.

Any help would be appreciated. Thanks

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5349
You need to create an allow global rule once you know what port(s) are needed by the application.

Offline showstoppre

  • Newbie
  • *
  • Posts: 5
I see, so global rules are processed first, then the app rules for inbound connections.

Now I've got an even weirder issue.

My objective is to allow inbound only for one app and block the rest.

So I "Allowed" all inbound in global rules.

Set up two rules in App rules:
Rule#1 - Allow inbound for "my app"
Rule#2 - Block inbound for all applications

But..

Inbound connections are working for all applications. Although they should be blocked by app rule#2.

Am I missing something?

Offline showstoppre

  • Newbie
  • *
  • Posts: 5
Attaching screenshots.

My expectation is only Deluged should be allowed inbound connections and blocked for all other apps.

But inbound connections are working for all apps.

Offline CISfan

  • Comodo's Hero
  • *****
  • Posts: 1806
Please remember that when apps on your computer initiate outbound connections, the corresponding inbound connections belonging to those outbound connections are always granted by CFW. Only inbound connections initiated from outside your computer can be blocked.

Offline showstoppre

  • Newbie
  • *
  • Posts: 5
Yes, I'm aware of outbound and inbound connections.

I'm only trying to block connections that don't originate from my computer.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5349
That's not how you're supposed to do it; that's why I said you need to create a global rule to allow only the necessary port/ports on which you want the application to accept incoming connections. For example, if you want an application to accept incoming connections on TCP port 80, then you would create a global rule to allow incoming with protocol TCP and destination port 80. Application rules are mainly used to control outgoing connections, while global rules are for setting up incoming connections.

Offline showstoppre

  • Newbie
  • *
  • Posts: 5
Thanks for the suggestion. What you are saying is: allow inbound connections for particular listen ports, rather than for apps.

I'm just curious though. In the previous screenshot I posted, I don't see anything fundamentally wrong with my rules setup. So why are the incoming connections still getting through for all apps rather than just the one app?

Offline CISfan

  • Comodo's Hero
  • *****
  • Posts: 1806
I kind of had the same question a while ago here: Firewall traffic rules processing order.
From that thread I didn't get a clear view or answer on how inbound connections are being processed either.

Offline futuretech

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 5349
Quote
Thanks for the suggestion. What you are saying is, Allow inbound connections for particular listen ports, rather than for apps.
Yes.

Quote
I'm just curious though. In the previous screenshot I posted, I don't see anything fundamentally wrong with my rules setup. But why are the incoming connections still getting through for all apps rather than just the one app.
Even though that is not the correct way, I don't believe other applications have active incoming connections, assuming those are the only rules defined in both the application and global rules. When I did the same, I got blocked firewall events for MS Edge, as it listens for incoming connections, and the same when I launched qbittorrent.
