Letting all traffic in

I’ve deleted all the rules in the Network Control Rules. I’ve added one that lets all traffic in using any ports. Are there obscurities that I may be missing? BTW, I do have a hardware firewall for my network. I just want something to monitor what’s going out of my system…

I’d like to refer you to my “How To” on the network control rules, as there may be more reasons for needing more that one Rule. [url]https://forums.comodo.com/index.php/topic,1125.0.html[/url]

But without trying to convert your decision, there may be a flaw in the Rule that you’ve created.

As outlined in the “How-To”… inbound and outbound rules both control communication comming to your PC… The difference is that outbound rules allow responses to come back that were originally requested by your PC, whereas inbound rules let any communication come in (whether you initiatiated communication or not). Did you define your rule as inboud? If so, that might be the “flaw” i was referring to.

IMHO, if you are the only PC (no LAN with other PC’s), you really should have Rule A and Rule C listed in the “How-To”… and add Rule B only if you are on a LAN. I think Rule C is really what you were after, and Rule A may feel redundant if you trust your Router implicitly… but it certainly won’t hurt.

“ALLOW IP IN OR OUT FROM ANY TO ANY WHERE IPPROTO IS ANY” would show you all initiated in or out connections. But CPF will not produce logs for solicited packets. For example, when you connect to google.com, it will create a log for outbound attempt for google, but it wont show the google.com’s response as an inbound attempt.

In short, due to stateful inspection, CPF logging wont act like a network sniffer. But you will definetly see what sort of in or out connections are allowed/blocked.

Egemen

FYI, here’s my rule:

ALLOW TCP or UDP IN or OUT from IP [Any] TO IP [Any] WHERE SOURCE PORT IS [Any] AND REMOTE PORT IS [Any]

I’ll be reading your post shortly…

This rule will not show ICMP or any other protocols though. Just TCP and UDP.

Ah, for instance, IP isn’t bundled with TCP then? I thought that selecting TCP, would sort of encapsulate IP.

Any reason why I would want to enable ICMP?

Nope. TCP and UDP are the most important ones.