I have just downloaded and installed CPF, and before I write anything else: THANK YOU for this fine product.
Now my view/concern: I am kind of a pro user (admin for years) and have used Sunbelt PF before. What I am missing is the exact approval of IP address and port. Yes, it IS possible to do so manually. But why not when I approve in learning mode?
Programs which connect to 127.0.0.1 (localhost) are approved for ALL IPs and PORTS AND whether they use it or not, both TCP and UDP. Why is that? Why is there no simple method in learning mode to choose: Yes, let program xy use THIS IP and THIS port over THIS protocol…nothing else?
Maybe I have overlooked something or am simply looking in the wrong place?
I think what you’re after is in Security > Advanced > Miscellaneous > Configure > the 2 loopback check options and the Alert Frequency Level, which can be adjusted to High or Very High, thereby generating each attempted connection’s IP, protocol, and port.
Now even when I defined some programs (like Firefox) that they are allowed to use TCP and UDP from and to all hosts and all ports, it asks me again and again when I surf to new sites.
I would think firewall rules are worked from above to the end, so when a rule says “allow all for this one” it should not ask again?
Since most programs make a DNS call (UDP 53) I have written a rule in the network monitor that allows just that. But still all programs ask me.
I am not a firewall specialist but still have managed several of them. All had rulesets which were worked from top to bottom (allowed is, what is defined). How can I achieve that here?
If you set the Alert Frequency above the default Low then you’ll naturally receive more alerts from Application Monitor, regardless of what you did with Network Monitor. Yes, the order is from top (highest priority) to bottom (lowest priority), but Application Monitor is checked by CFP first then Network Monitor.
Network Monitor is universal and has the final decision on how ports and such are defined, whereas Application Monitor is application-specific.
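
The two-stage order described in the last reply, as an added example that is not part of the thread and not the firewall's own code. It is a simplified model: the rule fields, the "ask" result when no application rule matches, the default block when no network rule matches, and the sample names and addresses are all assumptions made for illustration.

```python
# Simplified model of "Application Monitor first, then Network Monitor".
# Assumptions (not from the product): rule fields, "ask" on no application
# rule, and default block when no network rule matches.
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Conn:
    app: str
    proto: str
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "block"
    app: Optional[str] = None        # None means "any"
    proto: Optional[str] = None
    dst_ip: Optional[str] = None
    dst_port: Optional[int] = None

    def matches(self, c: Conn) -> bool:
        pairs = ((self.app, c.app), (self.proto, c.proto),
                 (self.dst_ip, c.dst_ip), (self.dst_port, c.dst_port))
        return all(want is None or want == got for want, got in pairs)

def first_match(rules, conn):
    """Top-to-bottom evaluation: the first matching rule wins."""
    return next((r.action for r in rules if r.matches(conn)), None)

def decide(app_rules, net_rules, conn):
    # Stage 1: application-specific rules. No match means the user is prompted,
    # whatever the network rules say.
    app_verdict = first_match(app_rules, conn)
    if app_verdict is None:
        return "ask"
    if app_verdict == "block":
        return "block"
    # Stage 2: the universal network rules have the final decision.
    return first_match(net_rules, conn) or "block"

# Constructed sample rules: one exact application rule (THIS IP, port, protocol)
# and one network rule that allows DNS.
APP_RULES = [Rule("allow", app="firefox.exe", proto="tcp",
                  dst_ip="192.0.2.10", dst_port=443)]
NET_DNS_ONLY = [Rule("allow", proto="udp", dst_port=53)]
NET_DNS_HTTPS = NET_DNS_ONLY + [Rule("allow", proto="tcp", dst_port=443)]
```

In this model a DNS rule in the network stage does not stop prompts for a program that has no application rule, and an exact application rule still needs a matching network rule before traffic passes.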