How to configure Comodo to block any internet traffic except some ports?

Hello,

I want to connect to one of my computers with UltraVNC. The computer is Win XP SP2.

So I want to block all internet traffic on that computer except the ports that need to be open for VNC and the DynDNS client.

My question is: how do I make that rule in Comodo Firewall?

Thanks

On the computer you wish to connect to (this uses the standard UVNC ports; if you have chosen different ports, substitute them where necessary):

  1. Open the CIS control panel from the system tray
  2. Select Network Security Policy
  3. Select Port Sets
  4. Select Add and give the new port set a name (VNC)
  5. Select the new port set and select Add
  6. Choose Single Port and add 5800
  7. Repeat for 5900
  8. You may also wish to add 5500 if used
  9. Select OK

Now select Global rules and remove any rules currently in use and create a new rule:

Action - Allow
Protocol - TCP
Direction - IN
Source Address - ANY or the address of the computer you’re connecting from
Destination Address - ANY or the MAC address of the PC
Source Port - ANY
Destination Port - Choose a set of ports and select the port set you created earlier.

Create another rule below this:

Action - Block and log
Protocol - IP
Direction - IN
Source Address - ANY
Destination Address - ANY
IP Details - ANY

Now create an Application rule for winvnc.exe (remove any rules currently in use)

Application Name - winvnc.exe
Action - Allow
Protocol - TCP
Direction - IN
Source Address - ANY or the address of the computer you’re connecting from
Destination Address - ANY or the MAC address of the PC
Source Port - ANY
Destination Port - Choose a set of ports and select the port set you created earlier.

Create another rule below this:

Application Name - All Applications (Add/Select/File Groups/All Applications)
Action - Block and log
Protocol - IP
Direction - OUT
Source Address - ANY
Destination Address - ANY
IP Details - ANY

Thanks for the answer, it works!

For the global rules, I also added Block IP OUT, because I don't want the clients to go to the internet.

Is this configuration good for security?

Thanks

The rules I gave you will only allow communication over UVNC, as this is the only application allowed to receive inbound packets.

You don't need to add an IP OUT rule to Global rules, as you've already created that rule for Applications. To understand that, consider how the firewall works:

Application X —> Application rules —> Global rules —> Internet

Essentially, for an application to communicate outside the local PC, the request is first processed by Application rules:

Application X ----> Application rules = Allowed = go to Global rules
Application X ----> Application rules = Blocked = Stop

So in our Application rules the first rule allows UVNC and the second rule blocks all other applications.

Thank you for the answer.

Yes, that application rule is right; it blocks applications from accessing the internet.

But I think that Block IP OUT is generally a stronger rule, because it blocks outgoing traffic globally.

Once again, thanks for the help, this works well.