a rule question

Does it make sense to create a couple of rule at the bottom of the network monitor like this:

Protocol TCP, in/out, Block
Protocol UDP, in/out, Block

to block any other traffic that does not have a rule?

im using version 2.3 on an XP box.

thanks!

Hi mGa, welcome to the forums.

You shouldn’t really need to, since the last rule in the Network Monitor should be a block & log rule (IP In/Out - Any - Any). This rule is created by CFW when its installed & nothing should get passed it. CFW reads the list top to bottom & that is the order of priority for Network Monitor rules.

the last rule is set to IN only. should i change it to IN/OUT?

No. I suspect that is an ICMP Allow rule (also created by CFW on install). If you’ve deleted CFWs final Block & Log rule, you must put it back. Otherwise, in effect, your firewall isn’t blocking unsolicited connection attempts. In short, you’re wide open.

The final blocking rule should be IP In/Out (this covers both TCP & UDP), Log - Source: Any Destination: Any. IP Protocol: Any. OK?

Edit: Actually, you’re not wide open if you have a router or some such piece of kit that has h/w firewall/NAT. Since, these block unsolicited connection attempts anyway.

i havent deleted anything and the last rule says IN only. I will change it to IN/OUT. I am behind a router and i ran all the tests at PCflank.com with good results.

thanks for your help! :■■■■

Router? OK, you’re safe. Perhaps Comodo have changed it… Is it an IP In (Protocol Any) - Source: Any - Destination: Any - Block & Log rule?

You should be aware that web based scans (ie. scans that you request from web site, like PC Flank) hit your router first. CFW only sees what the router allows it to see. So, to test CFW with a web-side scan, you need to tell your router to temporarily pass all communications (often called DMZ) to the PC. Otherwise, you’re actually testing the router, not CFW. You can normally see this by an absence of Log entries in CFW, as I scan would certainly generate Log entries.

yes the rule is → IP IN - protoc: any - source: any - destination: any - block and log. i set it to IN/OUT, is that OK?

Yep, that’s fine.

any rule i should create for microsoft active sync?

I don’t know. But, if CFW is blocking something then it should be in the Log. CFWs Log is useful for this purpose… as it guides you to what rules you need. Remember to place any new rules above the final Block & Log rule. You can also temporarily check the Log option for new rules to ensure they are being used when you expect.

I believe ActiveSync is a local operation. By that I mean that it doesn’t go to the Internet. ActiveSync is for things like iPAQs (if they’re still called that) & it normally connects through a COM port or USB. If we’re talking about the thing. It’s been a few years since I sync’ed my iPAQ. LOL.

you are correct. i actually use it for my cell phone/pocket PC. but yes it is local and it connects through USB.