Firewall Rules

I understand that “outgoing traffic has to ‘pass’ both the application rule then any global rules before it is allowed out of your system. Similarly, incoming traffic has to ‘pass’ any global rules first then application specific rules.” But I have some clarifications/queries:

  1. Does this mean that for the traffic to pass through the Firewall it must find an “allow rule” under Application Rules and nothing that blocks under Global Rules?? Thus the absence of a rule for the application under Application Rules will trigger an alert and block the traffic until the user answers the alert?? But the absence of a rule for the specific traffic under Global Rules will allow the traffic to pass the Global Rules??

  2. Assuming no tick in “Create Rules for safe applications”, Application Rules must be either listed or are automatic for Safe files (automatic rules are not actually listed)??

  3. If there is a tick in “Create Rules for safe applications” then all Application Rules will be listed and there are no hidden Application Rules??

  4. If there is a tick in “Create Rules for safe applications” and then the user amends the created rule, Comodo will leave the amended rule and not try to change it back to the Comodo default??

  5. If the amended created rule is deleted then Comodo will reinstitute its default rule??

  6. Rules are applied in order – are the hidden automatic rules for safe files deemed to be at the beginning or end of the Application Rules list in terms of their priority??

  7. Global Rules are always listed?? There is no analogy under Global Rules to automatic rules for safe applications??

Many thanks for your help.

  1) Global rules are made to make global decisions. I erased, for example, the default rule “allow outgoing ip any” in global rules (don't know if it's still in the actual version there). As you can see, I am able to write in the internet without that rule. So it's useless anyway. But global rules can avoid having questions for unrequested ingoing traffic (which you don't have to allow! block ip in any). And you can set there to block ping requests (icmp) with that globally too. Basically Comodo Firewall could work perfectly without global rules (if you set it well)… BUT you can make general rules… see it as a benefit… you avoid many useless questions from the internet. In the past I had one global rule, but no global rule section… so I made this rule for “all applications” and I put it at the bottom of the rule set: “block all ingoing outgoing”… otherwise I would have got many unneeded questions (that old firewall needed rules for ingoing too, because it wasn't able to decide if an answer was requested; COMODO can decide it today!). I had to disable the rule whenever I wanted to answer questions for an application… global rules is a section to make rules of this kind.

  2) No created rules.

  3) Created rules in list.

  4) If you make rules yourself, you should prefer to do that always!

  5) Comodo is just a program, and I would not wonder if it would make blueprint rules instead of “application based individual rules”. So it's always better to make the rules yourself.

  6) The application rules order is valid in firewall rules lists… as it's like “stones on the way”. But in defense+ lists there is no way, there is just an allow or block of an action.

  7) As global rules are not “application based”, what should be the reason to make automatic rules in global rules for specific applications?

Because you seem to go through the details, why not give up using the automatic functions of Comodo and do your own? The automatic is for people who don't go into the detail… you see? :slight_smile:

Sorry, still not clear. Could I do the questions one at a time?

There is an Application Rule that allows traffic for the application, but there is no Global Rule that covers the specifics of the traffic. With the absence of any applicable Global Rule, does the traffic pass through the firewall or is it blocked??

Many thanks. :slight_smile: :slight_smile:

Global rules only exist when you make them. Having an application rule that allows specific traffic allows the traffic into the internet when there's no global rule saying otherwise.
Try the global rule “block ip out any”, and you will understand that the global rule forbids any application to reach the internet, even if it's allowed in application rules.
It's your choice what global rule is important for you.

Global rules are just a layer of possible general rules! Otherwise you would have to make such general rules for every application!
Instead of writing a rule for every application: “block ping requests”, you can make a global rule “block ping requests”, which is then valid for every application or attempted connection.

Without a global rule, only your application rules are valid. The best example for the use of global rules is: “block ip in any”, or you will get asked for unrequested ingoing traffic.

See it as a way: if you send something out of your PC, it will walk through the application rule; if not blocked there, it will walk through the global rules… if it isn't stopped by a single stone on the way, it reaches the internet.
Something from the internet will walk the way in the other direction. First it will walk through the global rules; if not blocked, it will walk through the application rule.
And the relevance of the rules is dependent on the position in the rules list. Something that is blocked by the first rule (the same is true in the application AND the global rules set) is blocked, even if it's allowed in a rule further down. So if you don't block Internet Explorer in the first rules, one allowed program could use it… otherwise not.

To get through the application rules a specific permission is required. If there is no entry for the application the traffic will be blocked. Is this correct??

But for global rules if there is no rule to block then it is allowed. For global rules the absence of any applicable rule does not result in a block. Is this correct??

Many thanks.

OK, I'll make it very short.
If you use custom policy mode in the firewall, every question that is not covered by a rule will be asked to you.

Global rules are YOUR decision, and so no traffic will be stopped by them (or allowed in the particular situation of an exception to a general block rule under it in the list) AS LONG AS YOU don't make a global rule.

GLOBAL RULES are your chance to make global decisions. If you don't take this chance, you don't have a benefit from global rules.

That's simply all. I think it's simpler than you think it is.

QUOTE: But for global rules if there is no rule to block then it is allowed. For global rules the absence of any applicable rule does not result in a block. Is this correct??

If there is no rule in global rules, then nothing is “allowed or blocked”, BECAUSE there is no rule. It is then as if you don't have a global rule layer at all.
GLOBAL rules are a comfortable way to make general rules that are valid for everything from everywhere. When I got Comodo the first time, I had at once some ideas for global rules, and so I only need to take care of application rules from now on…

Imagine a driver's license test.
The global rule is: no one under 18 is allowed to take part. (This rule avoids your phone ringing often with 17-year-olds who ask to take the license.)

And all the rules that are learned by those who are allowed to take part, these rules are the application rules.

You don't want unrequested things from the internet asking you each day to take part in your PC,
SO you make a global rule that they are blocked by default: “block IP in any any”.
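The two-layer walk described in the replies above (application rules then global rules on the way out, global rules then application rules on the way in, the first matching rule in each list deciding, and an empty global list simply passing traffic through) can be modelled as a small simulation. This is an added example written for this page, not Comodo's own code or its actual matching logic; the rule fields, the `ask` verdict for an application that has no rule (the custom policy mode alert mentioned above) and the sample packets are assumptions of the model.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """One connection attempt (constructed sample data, not real traffic)."""
    app: str        # process that sends or receives, e.g. "browser.exe"
    direction: str  # "out" (leaving the PC) or "in" (arriving from the network)
    proto: str      # "tcp", "udp" or "icmp"
    port: int       # remote port for tcp/udp; 0 for icmp


@dataclass(frozen=True)
class Rule:
    """A firewall rule. The field set is an assumption of this model."""
    action: str                 # "allow" or "block"
    direction: str              # "out", "in" or "any"
    proto: str = "any"          # protocol or "any"
    port: Optional[int] = None  # None means any port
    app: Optional[str] = None   # only meaningful in the application rule list

    def matches(self, pkt: Packet) -> bool:
        return ((self.direction in ("any", pkt.direction))
                and (self.proto in ("any", pkt.proto))
                and (self.port is None or self.port == pkt.port))


def first_match(rules: List[Rule], pkt: Packet) -> Optional[str]:
    """Rules are ordered: the first rule that matches decides for this list.
    A block at the top wins over an allow further down, and vice versa
    (an allow above a general block acts as an exception to it)."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return None  # nothing in this list spoke about the packet


def evaluate(pkt: Packet, app_rules: List[Rule],
             global_rules: List[Rule]) -> Tuple[str, str]:
    """Walk the packet through both layers in the direction-dependent order.
    Returns (verdict, layer): verdict is "allow", "block" or "ask"."""
    # Application rules are per process; only this app's rules are consulted.
    own_rules = [r for r in app_rules if r.app == pkt.app]
    if pkt.direction == "out":
        layers = [("application", own_rules), ("global", global_rules)]
    else:
        layers = [("global", global_rules), ("application", own_rules)]
    for name, rules in layers:
        verdict = first_match(rules, pkt)
        if verdict == "block":
            return ("block", name)          # stopped by a stone on the way
        if verdict is None and name == "application":
            return ("ask", name)            # no app rule: the user gets an alert
        # "allow", or an empty/silent global list: keep walking
    return ("allow", "end")                 # reached the internet (or the app)


def demo() -> dict:
    """Constructed scenarios matching the situations discussed in the thread."""
    app_rules = [
        Rule("allow", "out", app="browser.exe"),
        Rule("allow", "in", proto="tcp", port=22, app="sshd.exe"),
    ]
    out_https = Packet("browser.exe", "out", "tcp", 443)
    out_unknown = Packet("unknown.exe", "out", "tcp", 80)
    in_ssh = Packet("sshd.exe", "in", "tcp", 22)
    in_ping = Packet("", "in", "icmp", 0)

    block_out_any = [Rule("block", "out")]                   # "block ip out any"
    block_in_any = [Rule("block", "in")]                     # "block ip in any"
    ssh_exception = [Rule("allow", "in", proto="tcp", port=22), Rule("block", "in")]
    ssh_too_late = [Rule("block", "in"), Rule("allow", "in", proto="tcp", port=22)]

    return {
        "app allow, no global rule": evaluate(out_https, app_rules, []),
        "app allow, global block out": evaluate(out_https, app_rules, block_out_any),
        "no app rule at all": evaluate(out_unknown, app_rules, []),
        "unsolicited ping, block in any": evaluate(in_ping, app_rules, block_in_any),
        "exception above block": evaluate(in_ssh, app_rules, ssh_exception),
        "exception below block": evaluate(in_ssh, app_rules, ssh_too_late),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:32} -> {result}")
```

Running `demo()` shows the points made in the thread: an application allow with an empty global list reaches the internet, a global “block ip out any” stops that same packet even though the application allowed it, an application without any rule produces an alert instead of a verdict, a global “block ip in any” stops unsolicited inbound traffic before any application rule is consulted, and the same two global rules give opposite results depending on which one is listed first.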