Comodo Firewall 101 - Help Setting Up...

I am new to using Comodo Firewall. I am setting it up for a friend who doesn’t know about firewalls. If you lead the way to securely set it up, I will follow. Also, can I disable all loopback connections from having to prompt me, or is this not a good idea? I don’t want automatic configurations, so do I have to manually set up any rules? Anything else you can tell me? I am not a newbie to firewalls, just not familiar with this one and don’t know how it works and, well, how to configure it ruleset-wise.

dja2k

Ummmm, I’m trying to figure out the advantage you’ll get in setting everything up manually when that will merely be replicating what the automated setup would do.

Did you want to do a manual setup so you can gain a better understanding of what goes where, or did you have another reason? I’m quite happy to step you through things, but being a lazy IT guy, I’d rather tell you to click here, here and here, rather than type out 27 steps, particularly since we’ll end up at the same spot. :wink:

Ewen :slight_smile:

I agree with Panic…
Do an auto setup when you install, and then scan for known applications. You are still safe and save about 40 hours of work… ;D :smiley: :wink:
If you want popups for everything you can set the “alert frequency level” at the highest setting, and uncheck “do not show any alerts for applications certified by Comodo”.
I have both “skip loopback” checked, so I will also ask Panic about that… Is it safe to have them checked?

The local loopback checks are there to test internal connections only. If your system is clean and you have a known range of apps, IMHO, it’s safe to have these checks disabled. I usually turn them on if I’m testing an unknown app and I don’t know what connections it’s going to try and set up. With these checks enabled, I get advised about the internal connections as well as the external connections.

Hope this helps,
Ewen :slight_smile:

Ok, thanks!

I don’t trust auto setup. I want to set it up manually and change each range for each app to access under applications, though I don’t understand what I have to change in the network tab.

For instance, this person at Wilders posted this image of his network rules… I know the highlighted are p2p port rules. Anyway, how did he know how to set this up, and also wouldn’t his #4 rule be sorta the same as his #7 because of the same port range allowed of 1024-65535?

http://img98.imageshack.us/img98/3782/capture10122006072709ge8.jpg

dja2k

There is a fundamental difference in the architecture of CPF to other firewalls. When a request is outbound from your PC, it has to satisfy one of the application rules first, then also satisfy one of the network monitor rules to allow it out to play. In a nutshell, the application monitor determines what can and cannot go outside and the network monitor determines how it can get outside.

Setting each and every application up manually with an application rule and making sure its transport requirements are satisfied by a network monitor rule is a HUUUUUGE task! Do you realise how many component rules, application rules and network rules you’re going to have to make for an average system? You’ll need to know the components and executables, protocols and port requirements of EVERYTHING that wants to go out or come in.

You said “I know the highlighted are p2p port rules. Anyways, how did he know how to setup this”. You are going to be asking yourself this question thousands of times. I’m not saying you can’t or shouldn’t, just making sure you’re aware of how much work you’re getting yourself in for.

Surely it would be easier to go through the automatic setup and then backtrack and see what it has done. As you authorise each application (by means of the CPF pop-up dialogues) you can quickly have a look at the application rule it just created for it.

I doubt that anyone would be able to step you through setting up an entire system manually. The time, effort and second guessing ('cause we don’t know what O/S you’ve got, what service pack level you’re at, your internet connection details and mechanisms, what apps you run now and what apps you might want to run tomorrow etc. etc. etc.) would undoubtedly be too much for you or for us.

For instance, this person at Wilders posted this image of his network rules… I know the highlighted are p2p port rules. Anyway, how did he know how to set this up, and also wouldn’t his #4 rule be sorta the same as his #7 because of the same port range allowed of 1024-65535?

http://img98.imageshack.us/img98/3782/capture10122006072709ge8.jpg

Rule 4 is essentially the same, except for the ports numbered below 1024. Also, his rule 7 should only specify from port 1056 upwards, not 1024. Knowing what apps need what ports is usually in the help file for that app, or you can always Google it. If you want to set things up manually, Google is your friend. :wink:

Please don’t take this the wrong way. The more people learn about their PCs, the better able they are to keep them clean, secure and running the way they want them to. Set it up manually or set it up automatically and then backtrack - either way you’ve learnt how the rules are built and interact with each other.

I would advise you to go the auto setup route and then backtrack. This is how I learnt what CPF was doing.

Hope this helps,
Ewen :slight_smile:

Okay, I set the application to high alert to help me determine port usage for uTorrent. This is what I got…

I think there is a mix up on my part or yours, but the main ports are listed in the application rules and then globally in the network rules like that other person wrote his.

dja2k

Does NetBIOS use TCP/UDP for inbound only or outbound too? What rule do I have to set up to block ports 137-139 in the network tab?

dja2k

That’s correct. CPF will open the ports shown in the network monitor only if an application is running that uses those ports. Otherwise, they are stealthed. Remember, application rules determine what can or cannot go out and play, network monitor rules determine how they go out.

Hope this helps,
Ewen :slight_smile:

dja2k, here you have some tutorials for torrent-programs and online gaming and so on…
https://forums.comodo.com/index.php/topic,894.0.html

For my torrent program (Azureus) I have only one network monitor rule, and that is,
Allow
TCP/UDP
IN
Source IP - Any
Destination IP - Any or zone if you have one
Source Port - Any
Destination Port - The “listen” port that your program uses.

I have moved that rule up to 3rd place (id 2)
This works for me anyway… ;D
Hope this helps.
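The two-stage check Ewen describes (application rule first, then the network monitor, top-down, first match wins) and Aowl’s single inbound listen-port rule, as an added toy model that is not CPF’s own code. The zone prefix, listen port, executable names and rule order are constructed for illustration; the "block inbound" rule at the bottom stands in for the default deny.

```python
"""Toy model of the two-stage decision this thread describes for CPF: a
connection must first satisfy an application rule, then the first matching
network monitor rule (checked top-down) must be Allow; anything unmatched is
dropped. Added illustration, not CPF's own code. The zone prefix, listen
port, executable names and rule ids are constructed values."""
ANY = None  # wildcard for an address prefix or a port range

def _port_ok(rng, port):
    return rng is ANY or rng[0] <= port <= rng[1]

def _ip_ok(prefix, ip):
    return prefix is ANY or ip.startswith(prefix)

def net_match(rule, conn):
    """One network monitor rule vs one connection (proto, dir, IPs, ports)."""
    return (conn["proto"] in rule["proto"] and conn["dir"] == rule["dir"]
            and _ip_ok(rule["src_ip"], conn["src_ip"])
            and _ip_ok(rule["dst_ip"], conn["dst_ip"])
            and _port_ok(rule["src_port"], conn["src_port"])
            and _port_ok(rule["dst_port"], conn["dst_port"]))

def decide(app_rules, net_rules, conn):
    """Application monitor first ('what'), then network monitor ('how')."""
    if not any(p == conn["proto"] and d == conn["dir"]
               and _port_ok(r, conn["dst_port"])
               for p, d, r in app_rules.get(conn["app"], [])):
        return "block: no application rule"
    for i, rule in enumerate(net_rules):
        if net_match(rule, conn):
            return f"{rule['action']}: network rule {i}"
    return "block: no network rule"

ZONE = "192.168.1."  # constructed trusted zone; dst for IN = local host
LISTEN = 49152       # constructed torrent listen port
NET_RULES = [  # modelled on the rules discussed above; order matters
    dict(action="allow", proto=("udp",), dir="out", src_ip=ANY,
         dst_ip=ZONE, src_port=ANY, dst_port=(53, 53)),   # DNS to the router
    dict(action="allow", proto=("tcp", "udp"), dir="in", src_ip=ANY,
         dst_ip=ZONE, src_port=ANY, dst_port=(LISTEN, LISTEN)),  # listen port
    dict(action="allow", proto=("tcp", "udp"), dir="out", src_ip=ANY,
         dst_ip=ANY, src_port=ANY, dst_port=ANY),         # general outbound
    dict(action="block", proto=("tcp", "udp"), dir="in", src_ip=ANY,
         dst_ip=ANY, src_port=ANY, dst_port=ANY),         # default deny inbound
]
APP_RULES = {  # executable -> [(proto, dir, dst-port range)]
    "utorrent.exe": [("tcp", "in", (1024, 65535)), ("udp", "in", (1024, 65535)),
                     ("tcp", "out", (1024, 65535)), ("udp", "out", (1024, 65535))],
    "svchost.exe": [("udp", "out", (53, 53))],
}
```

Note that the torrent client is allowed inbound on any high port by its application rule, yet only the listen port actually gets through, because the network monitor decides how traffic may arrive.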

How about I use this for the network rules and limit the rest in the application rules? Are these rules correct in the network rules, and also, if I am behind a router, do I have to change the source or destination for any (i.e. DNS)?

dja2k

I’m no expert in rules, so I use the default rules and I have added a few when necessary.

also if I am behind a router, do I have to change the source or destination for any

If you are behind a router, I recommend that you create a trusted zone. That way your internal network will function without problems. I pass ALL leaktests and portscanners, so it’s not a security risk to let CPF make the default rules for you.
Without knowing if it’s secure, it looks like you can merge Id 1 & 2.
It also looks like you could merge 8 & 9 like I did in my previous post. You can also see that I used zone in destination IP (or any). You should do that, but you have to create a trusted zone first, where you specify your internal IPs. I think that’s more secure than using ANY.

Panic or someone with more knowledge has to tell you how secure your rules are…
I know mine is… ;D

Updated Network Rules Picture…

Check it out, don’t know if I have the first three rules correct. I just went with what I thought would be there.

dja2k

I believe you should be able to do away with one of the first two rules. If you are behind a router, as seems to be the case, then you should only require one DNS rule: UDP, outbound, port 53 to your router’s DHCP address.

I see and understand what you are trying to do. You think similar to me with regards to setting up firewall rules, with the emphasis on very tight security :wink: I did it this way, like you maybe, as a learning experience as well. However, Panic and Aowl are right in saying that it takes a painstakingly long time to set up rules this way. Just make sure that when you are done and they are fine-tuned to your satisfaction, export them from the registry as a backup just in case.

I am used to setting up firewalls this way, with tight port settings, though the whole network rules thing is throwing me off with this firewall. That’s all I needed help with. About the application rules, well, that is where it takes time to see what programs use what ports, but I already know that from prior usage with other firewalls, so that will be a breeze.

dja2k