Add Option For Command Line Integration And .bat File

1. What version of CIS, or Comodo Firewall, are you currently using:
Comodo Free Firewall 5732.83

2. What actually happened or you saw:
GUI applications are good if you need to do something one time only, but if you want to repeat something multiple times, nothing can compete with the command prompt. I would like to see a command line tool that can be used to configure the firewall (primarily).

3. What you wanted to happen or see:
I want to be able to configure comodo firewall from the command line so that I can change settings using either command prompt or through a batch script.

4. Why you think it is desirable:
It is desireable because you can’t automate anything in the GUI interface, everything has to be done manually and that is not what computers are about to begin with. Computers are designed to let the user do multiple things, dynamically and as many times as you want, the command line tool can allow this.

5. Any other information:
Suggested command line arguments:

This command will remove a rule from global rules at index 3 where indexes start at 0 and up to infinity. (r argument stands for ‘remove’)
tool.exe -r:3 -glob

This command will add a rule to global rules at index 0 and all other rules from index 0 are pushed one step down:
tool.exe -a:0 -glob -prot:tcp -srcaddr:10.10.10.10 -dstaddr:20.20.20.20 -srcport:1024 -dstport:2048

To add an application to the application rules page at index 4:
tool.exe -a:4 -app “Full path here inside quotes”

To rearrange the position of a rule from index 6 to index 2, rule at index 6 is placed at index 2, what was at index 2 is pushed down to index 3: (m argument stands for ‘move’)
tool.exe -m:6,2 -glob

To extract a piece of information from rule at index 6 can be done this way: (e argument stands for ‘extract’)
tool.exe -e:6 -prot (This will extract and print the protocol in that rule in the command prompt window, so batch scripts can easily get that info into variables)
tool.exe -e:6 -srcaddr (This will extract the source address part)

Command to list rules from index 0 to index 4 and echo it to the command prompt window: (l argument stands for ‘list’)
tool.exe -l:0,4 -glob
tool.exe -l:0,* -glob (This will list from index 0 to infinity, which means all rules will be listed)

When it lists a rule, it must list the index number at the first character in the console window so that batch scripts can fetch indexes too.
These are only suggestions meant to inspire you to make better command line mechanisms, they are not well thought through.

Thanks.

Thanks for submitting this wish. I edited the topic title and added a poll. Please look over everything and let me know if it is okay. If it is then I will forward this to the Waiting Area for voting.

Thanks again.

All ok.

Thank you for submitting this Wish Request. I have now reset the poll and moved this to the WAITING AREA.

Please be sure to vote for your own wish, and for any other wishes you also support. It is also worthwhile to vote against wishes you think would be a waste of resources, as implementing those may slow down the wishes you would really like to see added.

Thanks again.

To be honest, not very clear why this is necessary. What specific usage scenario this may be?

There is a slight contradiction from my point of view.

I find your idea superb if you want to automatize u everything[/u].
How about a ‘whole’ console interface? What do you think?

What if a malware uses it to add its downloaded files to exclusion list ?

[at]malware1: A malware, which is able to access the CLI is probably also able to make the changes in the registry, since there are Tools from Microsoft to change the registry via the command line.

Actually, I think, this is a really cool and useful idea. But - please don’t do it with batch.
Do it the “Microsoft way” and provide a Powershell module. Powershell is far more powerful and easier to learn and use as the cryptic batch language.

I would assume that it would work the same way as registry editing, anything run in the sandbox (any level) would be blocked and for HIPS it would alert, remember that all of that rely on the trusted files list, if a malware is trusted for whatever reason then it can wreck havoc on your computer without CIS doing a thing, if it’s blacklisted then you get an alert from the AV and if it’s unknown then it will be restricted by auto-sandbox (default) or whatever else you set it to, if you disable both HIPS and auto-sandbox then pretty much any unknown malware will be able to disable CIS completely.

I’m writing this reply as a heads up. The rules for Wish Request processing state that a Wish cannot stay in this area for more than 6 months. Thus, there is less than a month’s time left for voting for this topic. Once it is September 30th I will move this topic to Rejected (unless it receives at least 15 points before the end of the voting period).

Thus, if you have not yet voted, one way or the other, about this Wish Request please do so ASAP.

Thank you.

I’m sorry, but as it has been 6 months since the Wish Request has been submitted, and it has not received the required 15 points, I am forced to move this Wish Request to Rejected. I hope you understand.

Please note that, if you wish, you are allowed to create a new Wish Request for this same wish as long as you wait at least 1 month since the time it was moved to Rejected. This only applies to Wish Requests which were moved to Rejected because they sat in the Waiting Area for 6 months without receiving the necessary 15 points, and were moved to Rejected only for that reason.

Thank you.