Application rule vs Global rule

nonamekhach · February 22, 2008, 4:31am

Hi all.

I am new to Comodo firewall. Can someone tell me which have more priority, application rules or global rules?

I just install CFP 3.0.18.309. I set up some rules for my applications (Firefox, Thunderbird…). Then I create a global rule to block all other connections. Detail of this rule is as follow:
Protocol: IP
Direction: In/Out
Source Addr: ANY
Dest. Addr: ANY
It seem that the global rule overcomes all application rules and block out all application.
If this is correct operation of CFP, how should I set up it to allow some specific connection/applications and block all others?

Regards.
dtngn

system · February 22, 2008, 4:36am

For inbound connections, the global rules are evaluated first, then the application rules. For outbound the opposite, first the application rules, then the global rules. So if you allow a TCP out for your applications, it must not be blocked in the global rules or it won’t go out.

nonamekhach · February 22, 2008, 4:52am

Thanks sded for your quick reply.

After your reply, I tried to modify the global rule.

In first way I changed the direction so that it should block outbound connection. I expect the application rule shall be evaluated first and it shall allow my application’s connection. But it was not. The log viewer say that the connection from my computer to the mail server is blocked.

In the second way I changed the direction of the rule so that it should block all inbound connection. But this time the connection to mail server was allowed.

I don’t understand the IN/OUT Direction setting of the rule.

Sm3K3R · February 22, 2008, 11:08am

My advise would be after you make a global rule to restart your computer and even aplly a similar rule in the aplication level.Its more safer.

MaratR · February 22, 2008, 11:33am

If your PC is the one initiating connection (like, when it requests a page from some web-server, connects to a mail server, etc), then the connection is outgoing.

If connection was initiated by a remote PC (like, when you host a game server, or use some peer-ro-peer software), the connection is incoming.

You told the firewall to do exactly that - by creating a global rule that blocks all outgoing traffic. Any connection attempt must obey both application rules AND global rules. So, to be able to check your mail, you must allow outgoing connections to POP3/SMTP ports in your mail client’s application rules AND in global rules.