Basic question

Hi,
I have a question about the network and application monitor. How does it work? I have block all inbound IP in the network monitor, but the application is listening on the ports. How does this work?
Thanks, marek

Network and Application rules are actioned as follows:-

Inbound Connections: PC < Application Rules < Network Rules < Internet
Outbound Connections: PC > Application Rules > Network Rules > Internet

Basically, any inbound connections will be denied by default (unless you have changed your existing network rules). To allow a connection through CPF to your listening application, you will need to create a network rule. Once this rule is created, you should then be prompted for an application rule.

Outgoing connections will prompt you for an application rule (depending on your setup). Once allowed, they will pass through network monitor (as they are permitted by default).

:)

Inbound Connections: PC < Application Rules < Network Rules < Internet

I have the default block all IP. MS Messenger is listening on the UDP protocol, and after a talk from another computer Comodo allowed this … does block IP mean block UDP and TCP?

And a second question about the alert level. If the alert level is set to very high, Comodo opens an alert with more alerts in the one window. If I select allow, does this allow all alerts? And if I select save answer, is this check box applied to all alerts?

Thanks, marek

Does that mean that an outgoing application connection, which has outgoing permission, will override the network rules? Or that the default network rules will pass it?

To restate, if the first network rule is: Block - IP In/Out - Any - Any - WHERE IPPROTO IS ANY, will the firewall still pass it if the app has outgoing “application rule” permission?

Thx in advance


Sticky

Hey sticky,

If Rule 0 in Network Monitor is your BLOCK rule, then you will be blocking all traffic, as it will satisfy the essential criteria - if it’s going out and it’s IP then stop it.

The catch all block all IP rule should be LAST in the Network Monitor, as it needs to catch anything that isn’t satisfied by the earlier rules.

An outgoing request from an application needs to firstly have an application rule and then it needs to satisfy one of the network monitor rules. In layman’s terms, the application rule describes what the application will do if it’s allowed. The network monitor rule describes whether connections are allowed, regardless of the application requesting it.

Hope this helps,
ewen :)
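
The two-layer evaluation discussed in this thread, as an added example that is not Comodo's code and not part of any post: a small Python model in which network rules are checked from rule 0 and the first match wins, and a connection must pass both the application layer and the network layer. The rule fields, the `messenger.exe` name, the sample rules, and treating a missing application rule as a deny instead of a prompt are all assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NetRule:
    action: str     # "allow" or "block"
    direction: str  # "in", "out" or "in/out"
    proto: str      # "tcp", "udp", or "ip" for any IP protocol

def network_monitor(rules, direction, proto):
    """Return (action, index) of the first matching rule, scanning from rule 0."""
    for index, rule in enumerate(rules):
        if direction in rule.direction.split("/") and rule.proto in ("ip", proto):
            return rule.action, index
    return "block", None  # assumption: nothing matched means blocked

def evaluate(app_rules, net_rules, app, direction, proto):
    """Return (allowed, blocked_by) after passing both layers in thread order."""
    def app_layer():
        # Assumption: a missing application rule counts as a deny (no prompt).
        return None if app_rules.get((app, direction)) == "allow" else "application rule"
    def net_layer():
        action, index = network_monitor(net_rules, direction, proto)
        if action == "allow":
            return None
        return "no matching network rule" if index is None else f"network rule {index}"
    # Outbound: application rules, then network rules. Inbound: the reverse.
    layers = (app_layer, net_layer) if direction == "out" else (net_layer, app_layer)
    for layer in layers:
        blocked_by = layer()
        if blocked_by:
            return False, blocked_by
    return True, None

# Constructed sample rules (not taken from a real configuration).
BLOCK_ALL = NetRule("block", "in/out", "ip")
ALLOW_OUT = NetRule("allow", "out", "ip")
ALLOW_UDP_IN = NetRule("allow", "in", "udp")
APP_RULES = {("messenger.exe", "out"): "allow", ("messenger.exe", "in"): "allow"}

if __name__ == "__main__":
    for name, rules in [("block first", [BLOCK_ALL, ALLOW_OUT]),
                        ("block last", [ALLOW_OUT, BLOCK_ALL]),
                        ("UDP in allowed", [ALLOW_OUT, ALLOW_UDP_IN, BLOCK_ALL])]:
        for direction, proto in [("out", "tcp"), ("in", "udp"), ("in", "tcp")]:
            result = evaluate(APP_RULES, rules, "messenger.exe", direction, proto)
            print(f"{name:15} {direction:3} {proto}: {result}")
```

With the block-all rule at position 0, the outbound request is stopped by the network layer even though the application rule allows it; moving the same rule to the end lets the earlier allow rules match first.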