Author Topic: How To - Understanding & Creating Network Control Rules properly  (Read 262991 times)

Offline ~Daniel~

  • I used to be indecisive, but now I'm not so sure.
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 906
Re: How To - Understanding & Creating Network Control Rules properly
« Reply #30 on: December 19, 2006, 10:16:28 AM »
Just a quick question. I have these rules set as the above default with the trusted network included. How come I mainly see Outgoing Blocked items (re Rule 7) yet very very few incoming blocked items? Is it just a case that I'm going to relatively safe sites? just asking...

Most likely you are using a router/firewall that is protecting/stealthing you from inbound unsolicited traffic.

We also need to keep in mind that an Outbound rule does contain an InBound side... for the results of your request to come back to you.
OS: Win 10 Enterprise x64 build 1809
Comodo: CIS 11.X (latest version)
Backup/Imaging: Macrium Reflect Home v7.X
Win10 Phone: N/A
Personal Website: Comodo SSL (via CloudFlare)

Offline Eric Cryptid

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 2932
  • Security Saskquatch
Re: How To - Understanding & Creating Network Control Rules properly
« Reply #31 on: December 19, 2006, 11:13:07 AM »
Thanks for your reply...  Yeah, I've got a Linksys WAG354G Gateway with it's firewall switched on. Back when I as a ZA user I used to get all sorts of blocked incoming though I expect CPF filters the stuff better. Anyways, thanks for answering my question.

Eric

Moderator: Any concerns? PM me and/or review the Forum Policy
System: 64 bit Win 10
Realtime Protection:CIS 12

Offline Rotty

  • Comodo's Hero
  • *****
  • Posts: 903
  • http://www.venganza.org/ - Noodly Appendage
Re: How To - Understanding & Creating Network Control Rules properly
« Reply #32 on: December 19, 2006, 06:20:10 PM »
CPF would only filter it better if your firewall does not have SPI (A good implementation).

Actually, does anyone know how good the implementation of the most popular brands like billion, dlink, netgear is?  I would really like to see some technical papers (-: ..

cheers, rotty
The opinions expressed in my posts are my own. 
They do NOT necessarily represent or reflect the views of my employer.

Offline AOwL

  • Comodo SuperHero
  • Comodo's Hero
  • *****
  • Posts: 2349
  • Comodo Firewall Pro - Be safe, use protection...
    • NordicNatureMedia
Re: How To - Understanding & Creating Network Control Rules properly
« Reply #33 on: December 20, 2006, 09:13:29 AM »
CPF would only filter it better if your firewall does not have SPI (A good implementation).

Actually, does anyone know how good the implementation of the most popular brands like billion, dlink, netgear is?  I would really like to see some technical papers (-: ..

cheers, rotty

Do you mean how good CFP works with routers?

Offline imaginos

  • Newbie
  • *
  • Posts: 9
  • Every day above ground is a holiday
Re: How To - Understanding & Creating Network Control Rules properly
« Reply #34 on: December 22, 2006, 04:19:21 PM »
WOW, WOW, WOW...

again...WOW...

I have spent the last 2 - 3 HOURS pouring over every single thread I could find to help me - a newbie to COMODO and network rules - understand if the default network rules the software has defined for me out-of-the-box is something I should add to, modify, or just leave alone...

Be forewarned gurus and those who answer questions on this forum: I am slowly compiling several (no, numerous) questions that will hopefully educate me on different aspects of the firewall in general, but it seems fitting to jump in here for a clarification, and also to introduce myself as a newcomer and someone who will be asking many questions in the future (like a fifth grader in sex ed). Okay, well maybe that's a stretch.

But a quick question before I go back to compiling even more questions in my quest to understand:

Monogod states in this thread "If you run the Add Trusted Network Zone wizard (if you share a LAN with other PC's), you will also get: (which I promote to be the new ID 0 & 1 rules)ID    Permission       Protocol         Source     Destination    Criteria
0      Allow                IP Out             Any            ZONE         
1      Allow                IP In              ZONE            Any         "

Monogod, so just to be clear:

1) if I have a Home Lan, you advocate replacing the default rules 0 and 1 with these. Is that correct?

2) What does Comodo consider a LAN? Actual computers talking to one another behind the firewall? What if I only have one computer, one printer, a wireless router and an external hard drive? Is that set up considered a LAN? If so, how come I never see any alerts when I connect to my external drive or printer? Note: I have seen Pandlouk's thread that recommends adding the IP address as the router as trusted (see I told you I always read first!), but I'm still working through that one because I'm not sure how to find the IP address of my 2WIRE wireless router. PS - if anyone knows how I can do that, please speak up, otherwise I'll post that question in my "questions to post" thesis coming up. I'm not sure if Pandlouk means put the WAN address or LAN address, or even how to know where to find it for the wireless router. I know how to do an "ipconfig", but not sure of which address I need, or even if "ipconfig" will give me the address Pandlouk speaks of.

3) If what I have is not considered by COMODO to be a "LAN", then do I need to change the COMODO default rule 0 and 1. Indeed, can I DELETE them if I do not have to replace them with the ones you recommend?

Many more questions to come folks, I'm just warming up! But it is nice to see a bunch of really nice down-to-earth people on a forum for a change that don't talk down to those that don't have a clue. I've read many, many threads on this forum and can tell that most just enjoy talking about these types of things.

Happy Holidays!

imaginos
« Last Edit: December 22, 2006, 04:38:08 PM by imaginos »
IBM Thinkpad, Intel Pentium M 1.80 GHz, Comodo Firewall, Spybot S&D, Ewido Anti-Spyware, Spysweeper 5.0

Offline Little Mac

  • Forum Volunteer
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6303
  • The Colonel told me to.
Re: How To - Understanding & Creating Network Control Rules properly
« Reply #35 on: December 22, 2006, 05:52:00 PM »
Welcome, imaginos, bring on the questions!  Someone will answer... ;)

A couple quick points of clarification:

The 2 rules for the LAN/Network which m0ng0d proposes as the "new" rules 0 & 1 does not mean to remove the original rules 0 & 1, if I have understood him correctly in the past.  You have six rules created by default with an Automatic installation.  When you run the network wizard, you get the two additional rules, which should be in positions 0 & 1, thus giving you a total of eight rules.

If your external HD & printer are USB/FireWire/etc items, you will not see them.  They're not a "networked".  If your external HD and printer are connected to some sort of network hub/switch for hardware, and then that hub is connected to your router, then that's a different story; they are part of the network and should be seen.

LM
These forums are focused on providing help and improvement for Comodo products.  Please treat other users with respect and make a positive contribution.  Thanks.
Forum Policy

Offline ~Daniel~

  • I used to be indecisive, but now I'm not so sure.
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 906
Re: How To - Understanding & Creating Network Control Rules properly
« Reply #36 on: December 22, 2006, 07:50:00 PM »
First off, welcome to the forums.

1) if I have a Home Lan, you advocate replacing the default rules 0 and 1 with these. Is that correct?

I guess my "document" is getting a little outdated.  In earlier CPF versions, new rules added through the wizard were placed at the bottom of the list (current verison now puts them up top where they belong)... therefore, you had to promote them to the top (raise them up higher in the list).  Rules are handled/followed in the order listed... which is why any rule you create will need to be above the last rule which BLOCKS all in/out traffic.

I was not suggesting replacing any rules... simply reordering them.

2) What does Comodo consider a LAN? Actual computers talking to one another behind the firewall? What if I only have one computer, one printer, a wireless router and an external hard drive? Is that set up considered a LAN? If so, how come I never see any alerts when I connect to my external drive or printer? Note: I have seen Pandlouk's thread that recommends adding the IP address as the router as trusted (see I told you I always read first!), but I'm still working through that one because I'm not sure how to find the IP address of my 2WIRE wireless router. PS - if anyone knows how I can do that, please speak up, otherwise I'll post that question in my "questions to post" thesis coming up. I'm not sure if Pandlouk means put the WAN address or LAN address, or even how to know where to find it for the wireless router. I know how to do an "ipconfig", but not sure of which address I need, or even if "ipconfig" will give me the address Pandlouk speaks of.

Comodo considers nothing to be the LAN.  The perspective to CPF is that it is alone in the world and cares only to protect the PC that it is installed on.

But by using the trusted Zone Wizard, we can tell Comodo that some IP (or range of IP's like a LAN IP Range) is considered friendly/trusted... allowed to talk with your PC.  And there is no rule that says you can only have one trusted "zone".

The bonus of creating a zone is that it allows us to enter a limited number of rules.  Imagine if you had a LAN of 10 PC's... to save you from having to enter 10 rules is why Zones are so handy. 

But when the only other network device is your Wireless Router, then you should not have to create a zone at all.. but merely a rule (or rules) as Pandlouk's guide for keeping a wireless network secure suggests.  In fact, if you did define wide zone, and someone did manage to hijack your internet connection (break into your wireless)... they would be on the same LAN as you and could possibly browse your PC and steal information.... not a good thing.

External drive and printers are peripherals of your PC... unless they are network devices that use RJ-45 (ethernet) connections and grab network IP's.

If you currently have wireless connectivity, you should be able to use the "Gateway" defined/listed in ipconfig as your routers address.

3) If what I have is not considered by COMODO to be a "LAN", then do I need to change the COMODO default rule 0 and 1. Indeed, can I DELETE them if I do not have to replace them with the ones you recommend?
You are a LAN of one; 1 PC on a LAN network with no neighbor PC's.  Take away your router, and you are not on a LAN.

You will need to add (not replace) the rule(s) that Pandlouk has outlined in his wireless post, but using your Router's IP of course.


Hope that helps!

Oh, and make sure you enable WPA security on your Wireless router as well.
 (S)
« Last Edit: December 22, 2006, 07:58:08 PM by m0ng0d »
OS: Win 10 Enterprise x64 build 1809
Comodo: CIS 11.X (latest version)
Backup/Imaging: Macrium Reflect Home v7.X
Win10 Phone: N/A
Personal Website: Comodo SSL (via CloudFlare)

Offline imaginos

  • Newbie
  • *
  • Posts: 9
  • Every day above ground is a holiday
Re: How To - Understanding & Creating Network Control Rules properly
« Reply #37 on: December 23, 2006, 02:40:24 PM »
Thanks for the welcome. I knew you would be helpful.

All that is understood, actually. Scary.

A couple clarifications though please:

1)

ipconfig returns:

Connection-specific DNS Suffix. : gateway.2wire.net
IP Address: ..............................: 198.168.1.105
Subnet Address:.......................: 255.255.255.0
Default Gateway.......................: 192.168.1.254

So in my "trusted zone" I want to add 192.168.1.254, correct? Please confirm. Also, when I define a "trusted zone" for my wireless router do I use the same IP address for the start range and the end range?

2) So by doing #1 above, I am telling Comodo that the only network device that is allowed to communicate with my laptop is the router, right? And since that is the only "networking" device I have in my setup, I'm good to go? And yes, all the peripherals I mentioned before are all USB/Firewire connected, so they would not be considered networking devices.

3) To better enhance correspondence here, how does one insert a screenshot into a post? I see the  "insert image" option, but it simply gives me the html img tags. Can I not just paste an image from the windows clipboard, or do I have to have a URL to refer to or upload an image?

Thanks again,

imaginos



« Last Edit: December 23, 2006, 02:43:55 PM by imaginos »
IBM Thinkpad, Intel Pentium M 1.80 GHz, Comodo Firewall, Spybot S&D, Ewido Anti-Spyware, Spysweeper 5.0

Offline Little Mac

  • Forum Volunteer
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 6303
  • The Colonel told me to.
Re: How To - Understanding & Creating Network Control Rules properly
« Reply #38 on: December 23, 2006, 07:17:51 PM »
I'll let m0ng0d answer the wireless router question, but I'll take on the 2nd one.

You can attach a screenshot by using the "Additional Options" right below the text box, for a jpg, gif, etc.  If you want to paste into your text, you'll need to use something like imageshack, photobucket, etc to host the picture and generate the html coding for it, to include here.

I personally prefer the attachment to the inline image, but that's just me... ;)

LM
These forums are focused on providing help and improvement for Comodo products.  Please treat other users with respect and make a positive contribution.  Thanks.
Forum Policy

Offline ~Daniel~

  • I used to be indecisive, but now I'm not so sure.
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 906
Re: How To - Understanding & Creating Network Control Rules properly
« Reply #39 on: December 23, 2006, 08:08:11 PM »
It's a great feeling when all the knowledge starts falling into place  (:NRD)

1)

ipconfig returns:

Connection-specific DNS Suffix. : gateway.2wire.net
IP Address: ..............................: 198.168.1.105
Subnet Address:.......................: 255.255.255.0
Default Gateway.......................: 192.168.1.254

So in my "trusted zone" I want to add 192.168.1.254, correct? Please confirm. Also, when I define a "trusted zone" for my wireless router do I use the same IP address for the start range and the end range?

Absolutely correct.  Just give the "Zone" the name MyRouter or something meaningful to you.

2) So by doing #1 above, I am telling Comodo that the only network device that is allowed to communicate with my laptop is the router, right? And since that is the only "networking" device I have in my setup, I'm good to go? And yes, all the peripherals I mentioned before are all USB/Firewire connected, so they would not be considered networking devices.

Remember that it is a 2 step process:
  • Create the new zone as you described using Add/Remove/Modify a Zone, then
  • use the Define a new trusted network wizard to add the 2 new rule for that zone.

This process opens the gate for communication to flow to/from your PC to/from your Router.

3) To better enhance correspondence here, how does one insert a screenshot into a post? I see the  "insert image" option, but it simply gives me the html img tags. Can I not just paste an image from the windows clipboard, or do I have to have a URL to refer to or upload an image?

As Little Mac suggested, the Additional Options... link in the forum post allows you to attach an image.  We'd need to download it to see it, but is still effective sharing.

Here, I've attached a screenshot of my network rules for you to see how that works.  As you can see, I called my Network LAN.

Sounds like we are winning! (:CLP)

[attachment deleted by admin]
OS: Win 10 Enterprise x64 build 1809
Comodo: CIS 11.X (latest version)
Backup/Imaging: Macrium Reflect Home v7.X
Win10 Phone: N/A
Personal Website: Comodo SSL (via CloudFlare)

Offline imaginos

  • Newbie
  • *
  • Posts: 9
  • Every day above ground is a holiday
Re: How To - Understanding & Creating Network Control Rules properly
« Reply #40 on: December 23, 2006, 11:32:57 PM »
Hah! Winning maybe, but not won. You haven't yet seen the thesis of questions I'm building as I go through the firewall software. Nonetheless, you guys(?) make asking questions easy and making one not afraid to look foolish.

My brain's almost there with understanding the network rules - at least the theories. One of the next things I need to grasp is the application rules, alert levels, and component topics (good grief, there are alot of components listed!). But I'll post those in another thread. It is obvious this should remain a Network Rule thread only.

Many thanks. I WILL be posting many more questions, but I may just save them up and post them all at one time where appropriate. It may be awhile before you hear from me again, what with the holidays, but I will resurface here to scratch your brains again!

imaginos
IBM Thinkpad, Intel Pentium M 1.80 GHz, Comodo Firewall, Spybot S&D, Ewido Anti-Spyware, Spysweeper 5.0

Offline ~Daniel~

  • I used to be indecisive, but now I'm not so sure.
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 906
Re: How To - Understanding & Creating Network Control Rules properly
« Reply #41 on: December 24, 2006, 12:53:16 AM »
Sounds great.  Enjoy the holidays.

P.S. The only foolish question, is the one unasked.
OS: Win 10 Enterprise x64 build 1809
Comodo: CIS 11.X (latest version)
Backup/Imaging: Macrium Reflect Home v7.X
Win10 Phone: N/A
Personal Website: Comodo SSL (via CloudFlare)

Offline imaginos

  • Newbie
  • *
  • Posts: 9
  • Every day above ground is a holiday
Re: How To - Understanding & Creating Network Control Rules properly
« Reply #42 on: December 24, 2006, 12:27:24 PM »
Okay...before the holiday festivities started and I'm too wasted to remember all of this, I wanted to define my wireless router zone as we've discussed. Please refer to the attached Word document with screenshots as I narrate things I am now pondering:

I went into the "Add/Remove/Modify a Zone" feature and the only thing there was the default Local Area Network entry with 0.0.0.0 start range and 255.255.255.255 end range. This was there upon installation of Comodo. No other zone entries were there. So I defined MyWirelessRouterZone with the IP address we discussed previously (see screenshot).

After defining this, I went to the "Define a new Trusted Network" wizard and lo and behold, the 11a/b/g Wireless LAN Mini PCI Adapter entry was there. This must have been "automatically" added by Comodo? I say "automatically" added because I did nothing to specify this. Was this possibly triggered by the Comodo software when I defined MyWirelessRouterZone?

Anyway, the question now (other than how the other zone magically appeared) is: which one should I use? Is there an advantage over using one over another? Or should I include both in my trusted zones?

Just when I thought I was grasping this stuff....aaaaggggg!

imaginos....

[attachment deleted by admin]
« Last Edit: December 24, 2006, 12:29:22 PM by imaginos »
IBM Thinkpad, Intel Pentium M 1.80 GHz, Comodo Firewall, Spybot S&D, Ewido Anti-Spyware, Spysweeper 5.0

Offline ~Daniel~

  • I used to be indecisive, but now I'm not so sure.
  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 906
Re: How To - Understanding & Creating Network Control Rules properly
« Reply #43 on: December 24, 2006, 02:56:01 PM »
Delete all zones except the "MyRouter" one.

Then run the Trusted Zone wizard picking the "MyRouter" zone.

If you have any other network rules with a Zone other than "MyRouter"... delete those as well.

Your list should look similar to mine that I attached a couple posts earlier.  But i suspect you will not have my Rule (7), so don't be alarmed.
OS: Win 10 Enterprise x64 build 1809
Comodo: CIS 11.X (latest version)
Backup/Imaging: Macrium Reflect Home v7.X
Win10 Phone: N/A
Personal Website: Comodo SSL (via CloudFlare)

Offline imaginos

  • Newbie
  • *
  • Posts: 9
  • Every day above ground is a holiday
Re: How To - Understanding & Creating Network Control Rules properly
« Reply #44 on: December 26, 2006, 02:42:25 PM »
Understood. My rules look exactly like yours now, except LAN zone different, of course, and I do not have rule #7 as you pointed out.

Thanks. Going back to compiling more questions...I'll be posting soon...

imaginos
IBM Thinkpad, Intel Pentium M 1.80 GHz, Comodo Firewall, Spybot S&D, Ewido Anti-Spyware, Spysweeper 5.0

 

Free Endpoint Protection
Seo4Smf 2.0 © SmfMod.Com Smf Destek