Comodo Firewall Help Needed

CRAZYLEGS · November 9, 2010, 10:42am

Hi there, for the past few months I’ve been using Eset for my security needs and it’s time to move on.

So far I’m liking everything about Comodo, except I can’t manage to set up the Firewall in a way that I had previously with Eset.

All I need is to apply 3 rules to an application I have installed on my PC.

* Allow everything
* Disallow all traffic to remote port 27030
* Allow traffic to remote port 27030 on IP 41.185.60.43

Essentially only allowing the IP address (41.185.60.43) on Port (27030) for the application.

In tabular form:

                            Action  Direction   Local Port  Remote Host     Remote Port
Allow All                   Allow   Both        Any         Any             Any
Block Port 27030            Block   Both        Any         Any             27030
Allow The IP on 27030       Allow   Both        Any         41.185.60.43    27030

Please assist, I would hate to have to go back to Eset.

Valentinchen · November 9, 2010, 4:05pm

Hey and Welcome to the forum!

I assume you need to add ports. To add ports you’ll need click on firewall, click on network. go to global rules and then add.

EricJH post:2:

I take it you want to open ports for that application.

Read the following tutorial I made. Substitute the port numbers and protocol for your situation.

To open the port TCP 1723 for example

First step is to determine the MAC or Physical address of you network connector. Go to Start → Run → cmd → enter → a black box will show up and enter the following → ipconfig /all (notice the space before /all) → enter → now look up the Physical address and write it down.

Notice that Physical address = MAC address

Firewall → Advanced → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port

Source address: Any
Destination Address: Choose MAC address and fill in the found MAC/Physical address
Source Port: Any
Destination Port: 1723

Then push Apply → Now make sure that the new rule is somewhere above the basic block rule(s) as the bottom (the block rules have red icons); you can drag and drop the rules → Ok.

I hope this will help.

if i misunderstood you tell me your problem in another way.

Regards,
Valentin

clockwork · November 11, 2010, 1:16am

he doesnt ask to open a port for ingoing! (valentinchen, you suggest to put a hole in the firewall for everyone who likes to connect to that pc on port 1723).

and to the opener: why do you want a rule that allows everything in EVERY direction (your first rule says that), and then you try to make one exception?
its a bit funny. basically you can switch of the firewall with your setting. it lets all in and all out. apart from one port… but as you set the allow all rule on top, the other rules dont count anyway.
a rule set of a firewall is a logic game. look carefully what each rule says, and then look what the combination says.

as long as you dont run a server or use p2p, you dont need any INgoing rule for a program.

normally comodo firewall blocks all what is not allowed. so you only should make exception rules for the FEW things that you want to ALLOW.

Valentinchen · November 11, 2010, 10:14am

first of all I didn’t say he should open ports and secondly I assumed that he wanted/needed to add ports clockwork. And no I don’t suggest that he should put a hole in the firewall!

Regards,
Valentin

clockwork · November 11, 2010, 11:10am

the quote that you pasted says “make a hole for port 1723, protocoll TCP, for whoever wants to join”.

thats what i meant.

Valentinchen · November 11, 2010, 3:24pm

okey. The quote I took only shows how you add a port and nothing else. I am sorry if the quote is misleading.

Regards,
Valentin

Citizen_K · November 12, 2010, 10:09pm

You can make a custom policy for this under Network Security Policy → Predefined Policies.

The policy will need two rules.

Action: Block
Protocol: IP
Direction: IN/Out
Description: Block all traffic

Source address: Any
Destination Address: Any
IP details: Any

Action: Allow
Protocol: TCP/UDP (or just TCP or UDP; that depends on what protocol the program uses)
Direction: Out
Description:Allow traffic on port 27030 to 41.185.60.43

Source Address: Any (or the MAC address of your NIC, or your IP on the LAN when you have a fixed IP address)
Destination Address: 41.185.60.43
Source POrt: Any
Destination Port: 27030

Now make sure the block rule is at the bottom of t new policy and the allow rule on top. Then Ok and Apply your way to the main screen. Now you can assign the new policy to your application.