Application rule vs Global rule

Hi all.

I am new to Comodo firewall. Can someone tell me which have more priority, application rules or global rules?

I just installed CFP and set up some rules for my applications (Firefox, Thunderbird…). Then I created a global rule to block all other connections. The details of this rule are as follows:
Protocol: IP
Direction: In/Out
Source Addr: ANY
Dest. Addr: ANY
It seems that the global rule overcomes all application rules and blocks out all applications.
If this is the correct operation of CFP, how should I set it up to allow some specific connections/applications and block all others?


For inbound connections, the global rules are evaluated first, then the application rules. For outbound the opposite, first the application rules, then the global rules. So if you allow a TCP out for your applications, it must not be blocked in the global rules or it won’t go out. :)

Thanks sded for your quick reply.

After your reply, I tried to modify the global rule.

In the first way, I changed the direction so that it should block outbound connections. I expected the application rule to be evaluated first and to allow my application’s connection. But it was not. The log viewer says that the connection from my computer to the mail server is blocked.

In the second way, I changed the direction of the rule so that it should block all inbound connections. But this time the connection to the mail server was allowed.

I don’t understand the IN/OUT Direction setting of the rule.

My advice would be, after you make a global rule, to restart your computer and even apply a similar rule at the application level. It's safer.

If your PC is the one initiating the connection (like, when it requests a page from some web-server, connects to a mail server, etc), then the connection is outgoing.

If the connection was initiated by a remote PC (like, when you host a game server, or use some peer-to-peer software), the connection is incoming.

You told the firewall to do exactly that - by creating a global rule that blocks all outgoing traffic. Any connection attempt must obey both application rules AND global rules. So, to be able to check your mail, you must allow outgoing connections to POP3/SMTP ports in your mail client’s application rules AND in global rules.
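
A simplified model of the evaluation order described in this thread, added as an illustration; it is not part of the original posts and is not Comodo's code. The `Rule` class, the function names, the top-to-bottom first-match ordering and the defaults for unmatched traffic are assumptions of the model.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "block"
    direction: str                  # "in", "out" or "in/out"
    protocol: str                   # "tcp", "udp" or "ip" ("ip" matches any protocol)
    dst_port: Optional[int] = None  # None matches any destination port

    def matches(self, direction, protocol, dst_port):
        return (self.direction in (direction, "in/out")
                and self.protocol in (protocol, "ip")
                and self.dst_port in (None, dst_port))

def first_match(rules, direction, protocol, dst_port, default):
    """Return the action of the first matching rule, top to bottom."""
    for rule in rules:
        if rule.matches(direction, protocol, dst_port):
            return rule.action
    return default

def verdict(app_rules, global_rules, direction, protocol, dst_port):
    """A connection passes only if BOTH rule sets allow it."""
    # Order from the thread: outbound = application then global,
    # inbound = global then application.
    stages = [("application", app_rules), ("global", global_rules)]
    if direction == "in":
        stages.reverse()
    for name, rules in stages:
        # Assumed defaults: unmatched traffic is blocked per application, passed globally.
        default = "block" if name == "application" else "allow"
        if first_match(rules, direction, protocol, dst_port, default) == "block":
            return f"blocked by {name} rules"
    return "allowed"

# Constructed rule sets mirroring the thread (POP3 = TCP 110, SMTP = TCP 25).
MAIL_APP = [Rule("allow", "out", "tcp", 110), Rule("allow", "out", "tcp", 25)]
BLOCK_ALL = [Rule("block", "in/out", "ip")]   # the original poster's global rule
BLOCK_IN = [Rule("block", "in", "ip")]        # the second experiment
FIXED = MAIL_APP + BLOCK_ALL                  # allow mail ports globally, then block the rest

if __name__ == "__main__":
    for label, global_rules in [("block all", BLOCK_ALL), ("block in", BLOCK_IN), ("fixed", FIXED)]:
        print(label, "->", verdict(MAIL_APP, global_rules, "out", "tcp", 110))
```

In the `FIXED` set the allow rules sit above the block-all rule, so the mail ports pass both stages while everything else is still dropped.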