I'm just not getting it. :(

I recently switched from Sunbelt firewall. I’ve read the FAQs, and I’m just not getting it.

How do I set up the firewall to allow a single application access to 5 unique IP addresses, and block the rest?

Hi Joe,

What’s the app and what are the ports and protocols required?

Ewen :slight_smile:

The application is Mozilla Thunderbird. I only want it to contact my pop3 and smtp mail servers.

Unless the IPs are sequential, I see no mechanism to specify them.

As for ports:
Open the firewall, click Security, click Application, locate Thunderbird on the list and click Edit. Look at Destination Ports.

Yes, I’ve figured out the ports. Of course, the IPs are not sequential, and there is no way to enter comma-separated IPs, so I have five individual rules for Thunderbird. But now, how do I block any additional requests for just Thunderbird (I still want requests from other applications at this time)?

Hey Joe,

You can set the destination address to ANY, as Thunderbird will only attempt access on the POP and SMTP ports.

Hope this helps,
Ewen :slight_smile:

But I don’t want to allow Thunderbird access to all destinations. Are you saying it is not possible to allow an application access to specific IP addresses, and block all other IPs? If not, this firewall is severely lacking.

You cannot add more IPs to one rule. Create the same rule for each IP.
E.g. I have 2 IPs for my DNS rule and I have to have it in 2 rules (screen).

Yes I know this. I have 5 individual rules now for Thunderbird. However, if I open up an email that contains images to webpages, I still get popups, so I need to now create a block Thunderbird rule, but still allow the 5 individual rules their respective connections. I would just not include port 80 for Thunderbird, but I must use port 80 for one of the smtp servers.

Hey Joe,

Of course you can make a rule that allows access to a specific address through a specific port. My reply was based on how most people set the firewall up. Most users seem to dislike having a large number of rules, and your circumstances would dictate setting up five separate rules to cater for each mail server (10 if you’re using separate SMTP servers for each account).

To set up separate rules you would need to go into the Network Monitor and set up rules like:

Action : Allow
Protocol : TCP/UDP
Direction : Out
Source Address : ANY (this is the ONE PC the CPF is running on)
Destination Address : W.X.Y.Z (Your POP server)
Source Port : ANY (As per the source address)
Destination Port : POP and/or SMTP port.

This setup would need to be established for each mail server you need to use.

To exclude port 80 for Thunderbird, you would need to set up additional rules with port 80 set as excluded.

Hope this helps,
Ewen :slight_smile:

I really appreciate the help. I normally don’t get so involved in rules either, but Thunderbird is a problem for me since one of the SMTP servers needs to be contacted on port 80, which opens up SPAM images unless I limit it to specific IPs. I will give the network monitor approach a shot.

One question with the rules in Network Monitor-- are these system wide, granting access to all applications?

I believe so, but the application monitor will prompt before access is granted if it’s an unknown application.

This is the real genius behind CPF’s hierarchical approach to firewalling.

cheers,
ewen :slight_smile:

OK… I’m even more confused now. There is a rule in the Network Monitor that states

ALLOW TCP or UDP OUT FROM IP [Any] TO IP [Any] WHERE SOURCE PORT IS [Any] AND DESTINATION PORT IS [Any]

So, even if I create a rule in Network Monitor for Thunderbird, the above rule opens everything up again. If I remove the above rule, then all my applications are now limited to the ruleset I created specifically for Thunderbird, and I cannot browse the Internet.

You can specify IP addresses/ports in application rules; that’s how I restricted Outlook Express to only my mail servers.

Hey Joe,

My bad. Sorry about my previous misleading post - I’ll make sure my brain is turned on this time and not in neutral.

To restrict Thunderbird to specific addresses and specific ports you should set up the rules in the APPLICATION MONITOR, not the Network Monitor as previously advised (thanks for pointing this out, SteveC).

Open CPF and click on the SECURITY button.
Click on the APPLICATION MONITOR button.
Click on the ADD sign

In the “Application Control Rule” window, you can specify parent details (if required). Comms parameters are entered through the General, Destination IP, Destination Port and Miscellaneous tabs.

Again, my apologies for the misleading post.

Hope this helps,
Ewen :slight_smile:

Again, I have it set up how I want it, using the 5 separate rules I created earlier in the Application Monitor. However, if I open a SPAM mail that wants to retrieve images on port 80, Comodo gives me a popup asking to allow or deny the connection. I want all further requests for Thunderbird to be automatically denied; I don’t want to be bothered with any additional popups by Comodo for Thunderbird. I can’t block port 80, because one of the SMTP servers is connected on port 80.

In Kerio, you simply set up two rules. One for the allowed sites, followed by a deny. This does not seem possible in Comodo, as there is no hierarchy in the application monitor.

My Thunderbird never shows images/popups; I have to press a button with “show images in this mail” (in Thunderbird). Go to Tools/Settings, choose the Security tab, and check the boxes that suit you (I have them all checked).
I hope that it helps…

I understand, but I want control of this at the firewall level. It seems strange that this personal firewall will not allow me to restrict an application to only talk to the servers it needs to. Why should I open up my application to every IP on the Internet if it only needs to talk to 5?

Until Comodo has this very basic functionality that practically every other firewall has, I’ll have to use an alternative.

Make the same rules again, except this time set them to block and tick the exclude box in the Destination IP tab; that way it will block all IPs except your servers. You still need your allow rules as well.

Block rules can be TCP/UDP, IN/OUT, ANY PORT, as it’s the exclude IP option that will trigger the rule and block, whilst your allow rule will be triggered only by your servers’ IPs, protocols and ports.

I agree Kerio’s rules were more flexible.
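The rule set suggested in the post above (one allow rule per mail server, plus one block rule with the server IPs ticked as excluded) can be modelled to check that it gives the outcome Joe wants. The following is an added example, not code from the original thread or from Comodo: the server IPs and ports are constructed sample values from documentation ranges, and the matching semantics (empty field means ANY, first matching rule wins, no match means the firewall prompts) are assumptions made for illustration, not a statement of how CPF evaluates its rules internally.

```python
"""Model of an allow-list plus "block with excluded destination IPs" rule set.

Example code for the thread above, not Comodo's own. The IPs, ports and the
rule-matching semantics are assumptions chosen for illustration.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address

# Constructed sample: Thunderbird's five mail servers (RFC 5737 documentation IPs).
MAIL_SERVERS = {
    ip_address("192.0.2.10"): {110},   # POP3
    ip_address("192.0.2.11"): {25},    # SMTP
    ip_address("192.0.2.12"): {110},   # POP3, second account
    ip_address("192.0.2.13"): {25},    # SMTP, second account
    ip_address("192.0.2.14"): {80},    # the SMTP server that listens on port 80
}


@dataclass(frozen=True)
class Connection:
    app: str
    protocol: str          # "TCP" or "UDP"
    direction: str         # "out" or "in"
    dest_ip: IPv4Address
    dest_port: int


@dataclass
class Rule:
    """One Application Monitor style rule. An empty set means ANY."""
    action: str                                   # "allow" or "block"
    app: str
    protocols: frozenset = frozenset({"TCP", "UDP"})
    directions: frozenset = frozenset({"out", "in"})
    dest_ips: frozenset = frozenset()
    exclude_dest_ips: bool = False                # the "exclude" tick box
    dest_ports: frozenset = frozenset()

    def matches(self, c: Connection) -> bool:
        if c.app != self.app:
            return False
        if c.protocol not in self.protocols or c.direction not in self.directions:
            return False
        if self.dest_ips:
            in_set = c.dest_ip in self.dest_ips
            # With exclude ticked the rule fires for every IP *not* in the set;
            # without it, only for IPs in the set.
            if in_set == self.exclude_dest_ips:
                return False
        if self.dest_ports and c.dest_port not in self.dest_ports:
            return False
        return True


def evaluate(rules, conn: Connection) -> str:
    """First matching rule wins; with no match the firewall would prompt (popup)."""
    for r in rules:
        if r.matches(conn):
            return r.action
    return "prompt"


def thunderbird_rules(with_block_rule: bool = True):
    """Five allow rules, one per server, optionally plus the exclude-block rule."""
    rules = [
        Rule("allow", "thunderbird.exe", frozenset({"TCP"}), frozenset({"out"}),
             frozenset({ip}), False, frozenset(ports))
        for ip, ports in MAIL_SERVERS.items()
    ]
    if with_block_rule:
        # Block rule: any protocol, any direction, any port, every IP except the servers.
        rules.append(Rule("block", "thunderbird.exe",
                          dest_ips=frozenset(MAIL_SERVERS), exclude_dest_ips=True))
    return rules


def decide(dest: str, port: int, with_block_rule: bool = True,
           reverse: bool = False) -> str:
    """Decision for an outbound TCP connection from Thunderbird to dest:port."""
    rules = thunderbird_rules(with_block_rule)
    if reverse:   # rule order should not matter for this rule set
        rules = list(reversed(rules))
    conn = Connection("thunderbird.exe", "TCP", "out", ip_address(dest), port)
    return evaluate(rules, conn)


if __name__ == "__main__":
    print(decide("192.0.2.10", 110))                          # allow: listed POP3 server
    print(decide("192.0.2.14", 80))                           # allow: SMTP on port 80
    print(decide("203.0.113.7", 80))                          # block: image host in spam
    print(decide("203.0.113.7", 80, with_block_rule=False))   # prompt: the popup Joe sees
```

Two things the model makes visible. First, because the allow rules only ever match the listed server IPs and the block rule only ever matches unlisted ones, the two sets are disjoint, so the result is the same whichever rule is tried first; that is why the approach works even though the Application Monitor has no rule ordering. Second, the exclude-block rule does not cover a different port on a listed server (for example the POP3 server on port 80): no rule matches, so the firewall would still prompt. If that matters, the allow rules' port lists are what decide it.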

I understand what you want, but if you don’t want to have popups in Thunderbird, I suggest that you do as I said. That accomplishes the same result you wanted in another way. I have never had one single popup.
About CPF, I’m not qualified to help you with the ports. It looks like I have a lot of ports for Thunderbird.

http://test.nordicnature.net/images/mailports.jpg