[7.0] I want to temporarily block all applications except one

I’m using Comodo Firewall + HIPS package 7.0.313494.4115 on Windows 7 x64. I asked some time ago about how I can temporarily disable application rules, but I don’t understand the response. The situation I have is that occasionally I am connected to an ISP where I have to pay per MB for data. When connected that way I want to shut off all programs from accessing the internet except one, Firefox. Otherwise it’s very expensive if some other process is downloading in the background.

I can’t find any way to do this in Comodo. I changed the firewall to ‘Custom Ruleset’ and then in application rules I added an item called ‘Block All Incoming and Outgoing Request’ that has one custom rule copied from the ‘Blocked Application’ ruleset. I figured that if I moved this item to the top of the list it would block all applications from accessing the internet, but it doesn’t. If there is a rule for an application lower in the list, it can still connect to the internet. I just don’t understand how this works. Isn’t there any priority?

You can try this:

  1. Make sure “Create rules for safe applications” is unchecked in the firewall settings.
  2. Make sure the firewall ruleset is set to “Custom Ruleset”.
  3. In the application rules page:
     a. Add new rule → Browse → Groups → All Applications
     b. Create a new rule inside All Applications → Block → IP → In or Out → Any → Any → Any
     c. Move “All Applications” to the bottom of the application rule list (or even right below Firefox)

You could delete everything other than Firefox and start clean with only Firefox in the list; if you do, you may want to set the “All Applications” rule to Ask instead of Block. In your case you may want to export the configuration when it is optimal and name it “FireFox_Only”. Once that is saved you can create rules for non-Firefox use and save that as “Default”, then import the “FireFox_Only” configuration whenever you only want to use Firefox. You can export and import configurations in General Settings → Configuration.

If you place All Applications right below Firefox, you need to set the rule to Ask, because the system needs access to DNS servers and will ask for it. When you create the configuration file for Firefox only, you might want to customize the global rules too. You only need the TCP and UDP protocols, and they need to be set to outgoing only.

To make a Firefox-only (strict) configuration, you can do the following:

Global rules (in this order):

  1. Allow TCP Out (Any, Any, Any, a set of ports = HTTP ports)
  2. Allow UDP Out (Any, DNS1_IP, Any, 53)
  3. Allow UDP Out (Any, DNS2_IP, Any, 53)
  4. Block IP In/Out (Any, Any, Any)

Application rules (in this order):

  1. Firefox (set ruleset to Web Browser)
  2. C:\Windows\System32\svchost.exe (create two rules: Allow UDP Out, source address: Any, target address: DNS1 / DNS2, source port: Any, target port: 53), and create a new rule below these two: Block IP → Any, Any, Any
  3. “All Applications” (Block IP, Any, Any, Any)

This will create a perfect setup that allows nothing but Firefox use and your DNS servers. Java is not included, but who needs Java all the time? You have to know the IP addresses of your primary and secondary DNS servers, of course.

Before you change these rules, export the old settings to a file, then change the settings I pointed to and save these settings too; you can name it “FireFox_Only”, for example. Then export/import as you need to switch to Firefox only.

Not even your network printer will be allowed to communicate with you with these settings; not even ping.exe will be able to send anything out. It is Firefox only, web browsing only. Windows Update will not work either, Comodo will not be able to update itself, and your antivirus will not be able to update itself. Absolutely everything is blocked except Firefox and your DNS servers.

The global rules look like this:

http://oi58.tinypic.com/ve8as9.jpg

The application rules look like this:

http://oi57.tinypic.com/28bfuzb.jpg

You could very well create a single global rule to allow TCP and UDP traffic out; that is up to you. Placing two rules with specific IPs is just a security choice: it allows DNS requests only to the IPs specified.
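To show how the two ordered lists above interact, here is an added example (not code from the forum post or from Comodo) that models them as first-match rule lists and evaluates a few sample connections. It assumes each list is read top to bottom with the first match deciding, that a connection must be allowed by both the application list and the global list, that the "Web Browser" ruleset reduces to TCP out on HTTP ports, and it uses constructed placeholder DNS IPs.

```python
# Added example (not from the forum post): a first-match evaluator modelling
# the "Firefox only" lists above. Assumptions: each list is read top to bottom
# and the first match decides; a connection must be allowed by BOTH lists;
# the "Web Browser" ruleset is reduced to TCP out on HTTP ports.
ANY = "*"
DNS1, DNS2 = "192.0.2.1", "192.0.2.2"   # constructed placeholder resolver IPs
HTTP_PORTS = {80, 443}                  # assumed "HTTP ports" set

def rule(action, proto, direction, dst=ANY, ports=ANY, app=ANY):
    return {"action": action, "proto": proto, "dir": direction,
            "dst": dst, "ports": ports, "app": app}

# Global rules in the post's order: allow HTTP/DNS out, then block everything.
GLOBAL_RULES = [
    rule("allow", "tcp", "out", ports=HTTP_PORTS),
    rule("allow", "udp", "out", dst=DNS1, ports={53}),
    rule("allow", "udp", "out", dst=DNS2, ports={53}),
    rule("block", "ip", ANY),
]

# Application rules: Firefox, then svchost (DNS only), then All Applications.
APP_RULES = [
    rule("allow", "tcp", "out", ports=HTTP_PORTS, app="firefox.exe"),
    rule("allow", "udp", "out", dst=DNS1, ports={53}, app="svchost.exe"),
    rule("allow", "udp", "out", dst=DNS2, ports={53}, app="svchost.exe"),
    rule("block", "ip", ANY, app="svchost.exe"),
    rule("block", "ip", ANY),                     # "All Applications" group
]

def matches(r, app, proto, direction, dst_ip, dst_port):
    """A rule matches when each field is ANY (or 'ip' for protocol) or equal."""
    return (r["app"] in (ANY, app)
            and r["proto"] in (ANY, "ip", proto)
            and r["dir"] in (ANY, direction)
            and r["dst"] in (ANY, dst_ip)
            and (r["ports"] == ANY or dst_port in r["ports"]))

def first_match(rules, *conn):
    """Action of the first matching rule; 'ask' if no rule matches (a prompt)."""
    for r in rules:
        if matches(r, *conn):
            return r["action"]
    return "ask"

def decide(app, proto, direction, dst_ip, dst_port):
    """Allow only when the application list AND the global list both allow."""
    conn = (app, proto, direction, dst_ip, dst_port)
    both = (first_match(APP_RULES, *conn), first_match(GLOBAL_RULES, *conn))
    return "allow" if both == ("allow", "allow") else "block"
```

Running `decide("wuauclt.exe", "tcp", "out", "203.0.113.5", 443)` returns "block" even though the global list alone would allow TCP 443 out, which is why the "All Applications" block at the bottom of the application list is what stops background downloaders.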