"Block all" using rules

WolfCodex · November 24, 2007, 11:20pm

Hello.

First of all, I’d like to thank the entire crew, that made this truely wonderful piece of software and more than that - made it free.
I’ve been using “Sygate Firewall Pro” for years, before it got bought by Symantec, and they ruined the project. After that I had to get myself a replacement, so I bought what appeared to be a good choice at that time - “ZoneAlarm Pro”. CheckPoint made themselves quite famous for their security qualities, but that program was way too ■■■■■■■ system resources.
Even though none of my PC-s lack RAM or CPU-power, I try to avoid programs that use more, than they need and only due to not being optimized enough. I kept “ZoneAlarm Pro” for a few years, but about a month ago I still decided to give “Sygate Firewall Pro” another shot, since CheckPoint’s creation is just monstrous. As expected, Sygate lacks some of the features, that became quite useful nowdays, when we may be using several different networks every day (if we are talking about a notebook with WiFi, for example).
That’s when I read about “COMODO Firewall Pro”. Only thing I regret now is that I haven’t tried using it sooner. It’s exactly what I was hoping a firewall would be like - module based, so that you have an option to disable something you don’t need; flexible rule-wise; comparingly light on resources and has the minimal set of features, all of which can be useful to -any- user.
So thank you - what you are doing is a great thing and there are people that are truely greateful to you.

Now the question, that I wanted to ask - can I make a rule that would be blocking -all- traffic and both ways? If I make a rule like that:

Action: Block
Protocol: IP
Direction: In/Out
Source Address: Any
Destination Address: Any
IP Details: Any

Then most connection attempts do get blocked - yes, but my mail-checker still successfully checks my box for new mail (POP3, Port:110). I suspect that some other connection attempts end up successfully as well without my knowing. Tried making another rule, which is pretty much the same as the first one, but is using a slightly different approach:

Action: Block
Protocol: TCP or UDP
Direction: In/Out
Source Address: Any
Destination Address: Any
Source Port: “A Port Range”; [Start Port: 1]; [End Port: 65535]
Destination Port: “A Port Range”; [Start Port: 1]; [End Port: 65535]

Result ended up being the same, of course.

What I want to do is to block -everything-, unless there’s another rule written by me for that exact application.

I hope I’ve been clear enough explaining my problem.
Thank you in advance.

system · November 24, 2007, 11:32pm

Where are you putting the rule? A “Block All” BLOCK/IP/IN:OUT/ANY/ANY/ANY in the global rules sure does it for me.

AOwL · November 24, 2007, 11:58pm

If you go to firewall/advanced/network security policy/global rules tab and there you should have a block and log IP (everything). Like sded said.
Everything below that will be blocked (global)

WolfCodex · November 25, 2007, 12:06am

sded, AOwL

Thank you for replying. The problem is solved now and not the way I expected it to.
The problem was in my mail-checking program. When it fails to connect (due to time-out) to e-mail box that requires SSL (Port: 995) it marks it as a failed connection. For regular connections (Port: 110) it marks them as “successful” if a connection failed due to time-out. So no actual connection is being made, even though program claims so.
So either of the rules that I’ve previonsly used works fine. Problem solved. Thanks again for the reply.