How to block 137-139 & 445

Can anyone explain how to block ports 137-139 and 445 in Comodo for inbound and outbound connections?

In the Win7 firewall I created the following outbound rules:
Action: block
Program: any
Local address: any
Remote address: any
Local port: 137-139 & 445
Protocol: TCP

Action: block
Program: any
Local address: any
Remote address: any
Local port: 137-139 & 445
Protocol: UDP

I have copied these 2 rules for the inbound rule as well.

When I look at Comodo I see source port and destination port. Where do I put the port numbers, in source or destination, and does it depend on inbound or outbound rules?

With CIS, when creating rules to handle NetBIOS (137 to 139) and SMB (445) we typically use Application rules for the ‘System’ process, and possibly a Global rule, depending on configuration choices. The basic construction of the rule is quite similar to those under Windows firewall. For example:

Application Name - System
Action - Block
Protocol - TCP or UDP
Source Address - ANY
Destination Address - ANY
Source Port - ANY
Destination Port - Use a Port Set with the appropriate ports.

There are quite a few Posts on this subject.

Here are some relevant ones:

CIS ver5: System(4) Listening port on: 445 question
System Process (Again)

Although these are for version 5, the basic mechanics also apply to version 6.

If the aforementioned don’t help, please feel free to ask for further details.

I have read the posts you mentioned and I still don’t quite understand why there are Application Rules and Global Rules categories. From what I have learned so far, incoming traffic first goes through Global Rules and then through Application Rules. For outgoing traffic it’s the opposite. Outgoing traffic is best handled in Application Rules, not in Global Rules?

I have created these 2 entries in Global Rules:

Action: Block
Protocol: TCP or UDP
Direction: IN
Source Address: Any Address
Destination Address: Any Address
Source Port: Any
Destination Port: 137-139

Action: Block
Protocol: TCP or UDP
Direction: IN
Source Address: Any Address
Destination Address: Any Address
Source Port: Any
Destination Port: 445

In Application Rules the following entries:

Action: Block
Protocol: TCP or UDP
Direction: OUT
Source Address: Any Address
Destination Address: Any Address
Source Port: 137-139
Destination Port: Any

Action: Block
Protocol: TCP or UDP
Direction: OUT
Source Address: Any Address
Destination Address: Any Address
Source Port: 445
Destination Port: Any

But you can also put these 4 rules in either Application Rules or Global Rules, right? Just started to use Comodo yesterday for the first time, so it’s still confusing for me at the moment.

The differences between Global and Application rules can be a little confusing at first. Essentially, global rules can be used by any application, whereas application rules tend to be specific. If all you need is to block a specific protocol, port or IP address/block, for all applications, a global rule would suffice. However, if you need to control the activities of a specific application, you’ll need to use application rules.

Taking your requirement as an example, if you create global rules to block TCP/UDP In/Out for the designated ports, every application would be affected, which may be what you need. However, if you have a local area network over which you share resources, you’ll find these global rules preventing the necessary communication. In this case, you can create application rules for the System process that allow the appropriate communication over the LAN but block everything else.

This is just a basic example and there are other ways to use Application rules, but hopefully it gives you an idea.
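
Added example, not part of the original thread and not Comodo's rule engine: a minimal Python model of source/destination port matching, run over constructed packets, showing which traffic a rule catches when the port set from the thread is placed in Source Port versus Destination Port. The class, function and variable names are hypothetical, and the client port 49152 is a constructed sample value.

```python
from dataclasses import dataclass
from typing import Optional

BLOCKED = frozenset({137, 138, 139, 445})  # NetBIOS and SMB ports from the thread
ANY = None                                 # stands for "Any" in a rule field

@dataclass(frozen=True)
class Packet:
    direction: str  # "IN" or "OUT", seen from the local machine
    sport: int      # source port
    dport: int      # destination port

@dataclass(frozen=True)
class Rule:         # a block rule with Protocol "TCP or UDP", so protocol is not modelled
    direction: str
    sports: Optional[frozenset]
    dports: Optional[frozenset]

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction
                and (self.sports is ANY or p.sport in self.sports)
                and (self.dports is ANY or p.dport in self.dports))

# Constructed sample traffic (assumed typical port usage).
SAMPLES = {
    # local client connecting to a remote share: ephemeral source, destination 445
    "out_client_to_remote_smb": Packet("OUT", 49152, 445),
    # local SMB service answering a remote client: source 445, ephemeral destination
    "out_local_server_reply": Packet("OUT", 445, 49152),
    # NetBIOS name query: typically 137 on both sides
    "out_netbios_name_query": Packet("OUT", 137, 137),
    # remote client connecting to the local SMB service
    "in_remote_to_local_smb": Packet("IN", 49152, 445),
}

OUT_BY_SOURCE = Rule("OUT", BLOCKED, ANY)  # ports in Source Port (Application Rules in the question)
OUT_BY_DEST = Rule("OUT", ANY, BLOCKED)    # ports in Destination Port (System rule in the reply)
IN_BY_DEST = Rule("IN", ANY, BLOCKED)      # inbound Global Rules from the question

def coverage(rule: Rule) -> dict:
    """Return, for each sample packet, whether the rule would block it."""
    return {name: rule.matches(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for label, rule in [("OUT, ports as source", OUT_BY_SOURCE),
                        ("OUT, ports as destination", OUT_BY_DEST),
                        ("IN, ports as destination", IN_BY_DEST)]:
        print(label, coverage(rule))
```

In this model the outbound rule keyed on Source Port does not match a local client opening a connection to a remote port 445, while the one keyed on Destination Port does.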