How do I tighten (make more restrictive) Application rules ?

I’m a NOOB with Comodo Firewall (ver. 2.1.1), although I have used other firewalls in the past (Kerio and Sygate).

I was reviewing my Application Control Rules, which were set up by the popups which I “Allowed” for each network application I have used. I was very surprised to see that every app. is given by default access to the full IP range (0.0.0.0 - 255.255.255.255) and full port access also (0-65535).

Here are some questions:

(1) Is there any way to make the DEFAULT settings more restrictive, so each application only has access to ports and IP addresses that are actually required or used ?

(2) Alternatively, I was thinking that I could use the Activity logs to capture the detailed information (IP address and ports) required to tighten up my rules. Does anyone have any advice on how to do this?

(3) Is there any relationship between these rather loose application rules and the fact that I have the following items default checked in Advanced Security Configuration:
Automatically approve safe applications?
Basic Popup logic?

(4) Finally, if anyone thinks my concerns are not valid, please explain.

Thanks.

You must disable both options (Basic popup logic and Automatically approve safe applications) to make CPF not create general allow all/block all rules.

After these changes, CPF will create limited rules when you answer popups. Then you need to go to application monitor and modify the created rules according to your filtering criteria.

Egemen

Hi, if you want to see a detailed report go to security > network monitor > right click #0 rule allow IP out > edit > tick create an alert > ok. Hope this helps.

Thanks for the responses !

egemen:

As you suggested, I disabled both “Basic Popup Logic” AND “Automatically approve safe applications” hoping that this would enable the creation of more precise App. rules. Popups are very precise (protocol/direction/remote IP/port) … but when I “Allow”, the subsequent rules still seem to allow all ports and all IP addresses. I’m not sure this addresses my earlier question. Perhaps I misunderstood your advice ?

timcan:

Thanks for the advice to create a more detailed log file. Not quite as detailed as (say Outpost’s logs), but a modest improvement and more helpful to set up my application rules manually.

Yes, when you allow/deny, it will create the rule for any IP/Port pair. Since many users have requested such a feature, we are going to add to CPF an option to define the verbosity level of the popups.

Good luck,
Egemen

Hi,
This is about the same question I asked too.
What’s not clear for me: are you going to change the pop-up, or are you going to change the rules that are made (not every ip/port pair)?
I think this firewall is really great, but if the rules made are standard to allow an application to do everything with every ip on every port, this makes it (in my opinion) pretty useless as a firewall.

Peter

Yes, Goeroeboeroe … explains the problem perfectly.

The popups are already verbose enough. The trouble is that the details in the popup (IP/Port/Protocol etc.) are not being written to the ruleset. Instead, Comodo writes a wide open (all IP’s / all Ports) rule.

We don’t need more verbose popups; we need more precise rule making based on the popup parameters.

Thanks.

This feature is going to be included in the next release guys.

Thank you for the feedback,

Egemen

Excellent !! ;D

Thanks for the quick reply Egemen. WOW. I certainly look forward to the next release.

That’s very good news! I know you can change the rules by hand, but I don’t want to get RSI…
Looks this is going to be the best firewall around!

I’m brand new to CPF, and was looking for this feature, which led me to this thread. Has this feature made it in yet? I’m running v2.3.1.20 beta, and would like the ability to specify the IP address or port when a rule is created. I don’t see a way to do it.

Otherwise, CPF looks really good.

Thanks.

I think that is going to be in a next release. Just not sure if it will be the next full release, or in a future beta before then.

Hi,

Yes, CPF 2.3.1.20 BETA has this option. But you need to define this while installing. We haven’t put it in the GUI yet.

While installing CPF, when you select “Manual configuration” option, at the end of the wizard, you will see “Popup frequency option”. This feature affects both rule creation and number of popups according to the created rules.

Frequency of High will behave exactly as you need it to, i.e. it will create a rule according to single port, protocol, direction for all IP addresses.

Egemen

So, if we set the frequency to HIGH, it will learn absolute rules for the apps, and we will, at a later point, be able to reduce the frequency setting and the tighter rules will stick (when this is in the GUI)?

Correct?

Ewen :slight_smile:

Yes. But if in the future, say the same application requests a connection not covered by the created rules and you reverted back to low frequency mode, since CPF will create a wider rule, the new rule, may overlap with the already created rules and may override them.

So when using high frequency popup mode, it is better to modify the rules from application monitor to make them wider after a popup is remembered.

We are completely redesigning application rules. This is just a first step for the users who want to control application networking parameters more.

Egemen
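Added example (not from the thread and not Comodo's code): a Python model of the rule fields discussed here (application, protocol, direction, IP range, port range) that derives narrow rules from logged connections and reports which of them are overlapped by a wider rule, the situation described in the reply above. The `Rule` structure, the log tuple layout and all names are assumptions made for illustration; CPF's own rule and log formats are not shown on this page.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address as IP

ALL_IPS = (IP("0.0.0.0"), IP("255.255.255.255"))
ALL_PORTS = (0, 65535)

@dataclass(frozen=True)
class Rule:  # hypothetical model of one application rule
    app: str
    proto: str        # "TCP", "UDP" or "ANY"
    direction: str    # "IN", "OUT" or "ANY"
    ips: tuple = ALL_IPS      # inclusive (low, high)
    ports: tuple = ALL_PORTS  # inclusive (low, high)

    def covers(self, other):
        """True if every connection `other` permits is also permitted by self."""
        return (self.app == other.app
                and self.proto in ("ANY", other.proto)
                and self.direction in ("ANY", other.direction)
                and self.ips[0] <= other.ips[0] and other.ips[1] <= self.ips[1]
                and self.ports[0] <= other.ports[0] and other.ports[1] <= self.ports[1])

def rules_from_log(entries):
    """One rule per (app, proto, direction, port); IP range spans the addresses seen."""
    seen = {}
    for app, proto, direction, ip, port in entries:
        seen.setdefault((app, proto, direction, port), []).append(IP(ip))
    return [Rule(app, proto, d, (min(ips), max(ips)), (port, port))
            for (app, proto, d, port), ips in sorted(seen.items())]

def shadowed(rules):
    """Pairs (narrow, wide) where a different, wider rule makes `narrow` redundant."""
    return [(n, w) for n in rules for w in rules if w != n and w.covers(n)]

# Constructed log entries: (application, protocol, direction, remote IP, remote port)
LOG = [
    ("browser.exe", "TCP", "OUT", "203.0.113.10", 443),
    ("browser.exe", "TCP", "OUT", "203.0.113.25", 443),
    ("browser.exe", "UDP", "OUT", "192.0.2.53", 53),
    ("mail.exe", "TCP", "OUT", "198.51.100.7", 993),
]

if __name__ == "__main__":
    tight = rules_from_log(LOG)
    # The wide-open rule the thread describes: all IPs, all ports.
    wide = Rule("browser.exe", "ANY", "ANY")
    for narrow, _ in shadowed(tight + [wide]):
        print(f"{narrow.app} {narrow.proto}/{narrow.ports[0]} is overlapped by a wide rule")
```

Spanning the lowest to highest address seen is a simplification; one rule per remote address would be tighter.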

Explanation is much appreciated. Thanks again to you and the dev guys - you rock!

Ewen :slight_smile:

Thank you very much for replying. I considered this option when installing, but then decided to stick with the default “low” to start with, thinking I would be able to change it later. I’ll reinstall and give it another try.

Why not behave like Kerio?
In the popup, give an “advanced” button that will allow defining the ranges of the IP addresses, ports, etc.

We are completely redesigning application rules. These are just first steps. You will be happier when we are finished.

Egemen