I don’t know if I should be a bit embarrassed for not knowing this, but I’ll have to risk that…
My question is:
Why aren’t inbound connections needed for applications like browsers or e-mail clients?
Naturally, an outbound connection is something originating from my computer and an inbound connection is something originating from somewhere else (a server) with my computer as its destination. So, if I send a request to ‘example.com’ I will obviously need an outbound connection. But in order for my browser to render the content of ‘example.com’, doesn’t that site need to send this content back to me (thereby using an inbound connection)? Same thing with an e-mail client: I send a request to a server, and the server then sends back my e-mail. Also, when I download a file from the web, wouldn’t I need an inbound connection?
Yet, the predefined rules for browsers and e-mail clients in CFP3 allow only outbound requests (http, ftp, pop3, and so on).
I realise that the answer is probably very simple. Although I’ve used a lot of firewalls I never really bothered to set things up properly. Now, with Comodo installed I’ve decided to try to learn as much as possible, so the understanding of this stuff is obviously a prerequisite for learning more complicated things.
I couldn’t find the answer in the FAQ section, btw.
Adding to what Dennis typed, there are basically two different types of inbound connections: Solicited (your system asked for them; browsers, email, etc…) & Unsolicited (your system didn’t ask for them). By default, CFP allows solicited connections & rejects any unsolicited connections.
Typically games, P2P, etc… have unsolicited inbound connections & this is why you might have seen references to “opening up ports” to allow certain applications to allow unsolicited connections. CFP does check to ensure that any solicited connections are genuine & have not been faked/spoofed.
Thank you, Dennis and Kail! That was exactly what I wanted to know.
So allowing outbound connections is a relatively safe way of only “getting what you’re asking for” (albeit what I asked for might not necessarily be “safe”). I’ll have a look in the FAQ at what applications people usually allow inbound connections for apart from the examples you gave, Kail…
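
The solicited/unsolicited distinction discussed in this thread, as an added example that is not part of any post above and is not Comodo's implementation: a simplified Python model of a stateful filter that remembers outbound connections and admits inbound packets only when they match one. The class, function names, addresses and ports are all constructed for illustration.

```python
from dataclasses import dataclass

LOCAL = "192.168.1.5"  # constructed address standing in for "my computer"

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags: "S"=SYN, "SA"=SYN+ACK, "A"=ACK/data, "F"=FIN, "R"=RST

class StatefulFilter:
    def __init__(self, open_ports=()):
        self.open_ports = set(open_ports)  # ports "opened up" for unsolicited inbound
        self.table = {}                    # (local port, remote ip, remote port) -> state

    def handle(self, p):
        outbound = p.src == LOCAL
        key = (p.sport, p.dst, p.dport) if outbound else (p.dport, p.src, p.sport)
        state = self.table.get(key)
        if outbound:
            if p.flags == "S":
                self.table[key] = "SYN_SENT"   # remember what we asked for
            verdict = "ALLOW"
        elif state == "SYN_SENT":
            # only the server's SYN+ACK is a valid answer to our SYN
            verdict = "ALLOW" if p.flags == "SA" else "DROP"
            if verdict == "ALLOW":
                self.table[key] = "ESTABLISHED"
        elif state == "ESTABLISHED":
            verdict = "ALLOW"                  # reply traffic on a tracked connection
        elif p.flags == "S" and p.dport in self.open_ports:
            self.table[key] = "ESTABLISHED"    # simplification: handshake states skipped
            verdict = "ALLOW"
        else:
            verdict = "DROP"                   # unsolicited: matches no table entry
        if verdict == "ALLOW" and ("F" in p.flags or "R" in p.flags):
            self.table.pop(key, None)          # connection closed, forget it
        return verdict

def demo(open_ports=()):
    fw = StatefulFilter(open_ports)
    packets = [  # constructed sample traffic
        Packet(LOCAL, 50000, "203.0.113.10", 80, "S"),    # browser request
        Packet("203.0.113.10", 80, LOCAL, 50000, "SA"),   # solicited reply
        Packet("203.0.113.10", 80, LOCAL, 50000, "A"),    # page content
        Packet("198.51.100.7", 80, LOCAL, 50000, "A"),    # "reply" from a host never contacted
        Packet("198.51.100.7", 40000, LOCAL, 6881, "S"),  # unsolicited P2P connect
    ]
    return [fw.handle(p) for p in packets]
```

Calling `demo()` shows the web reply passing with only an outbound rule in place, while `demo(open_ports=(6881,))` shows what opening a port changes for the last packet.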