I’m pretty new to the Comodo world (but quite an oldie in the firewall world).
I’m not sure I understand the application vs network rules interaction.
Let’s say for example I want to authorize all outbound UDP 53 packets (makes sense!).
But I don’t want to do it per application, for sure.
If I create a network rule with those parameters, it is not enough; I need to create an application rule as well.
That’s a bit strange; I would like to have an “any application” parameter in the application rule definition.
Please advise how to create this kind of configuration with Comodo.
For outbound communications Application rules take precedence over Network rules. For inbound communication, it is reversed, Network rules take precedence over Application rules.
I find the best way is letting CPF learn. This does create a pop-up for each application. But, it only does it once, unless it is updated. CPF will alert you to any application that attempts to make a DNS request. If you approve, then you simply Allow it (remembered) & that is it. Then if later, something unknown & unexpected asks for a DNS request… CPF is protecting you. IMHO it’s not a good idea to allow any application to perform a DNS Request without your specific authorisation. You can, of course, turn off CPF from checking DNS Requests if you feel it is not a risk (not recommended).
So what I understand of the Comodo configuration is that there is a precedence of application rules or network rules, depending on the inbound or outbound direction.
But both rules (application or network) are used to determine if the packet is allowed or not.
So for example, you need to authorize all applications to perform a DNS request, even if you have authorized port 53 outbound.
OK, why not, it’s better in terms of security.
But if you want to create a trusted network to communicate with your machine… you need to create rules per application too.
That sounds amazing to me! No matter the level of security you want, if you need to create a trusted network, you don’t want to be annoyed by some other stuff regarding application level.
This point is very important for me. I really don’t understand how to use it this way! Maybe it’s just my configuration, or my warp-minded brain…