Looking for something very simple

Not sure how to do this, as there are so many menus and options, and I don’t even know what’s there out of the box… (overwhelming)

I want to configure something like this :

All NICs, all subnets, All inbound traffic is allowed (I don’t care who tries to contact me… wide open.)
All NICs, all subnets, All outbound traffic is blocked (I don’t want any data leaving that I do not approve)

And I want to do per-application unblocks on outbound traffic, so that I can mark whatever app I want as “OK” to talk to anyone (internet, intranet, I don’t care, just per application).

And I want this to include the operating system. No ‘phoning home’ or ‘configuration information reporting’ exceptions for the system.

ICMP traffic doesn’t bother me. People can ping me all they want.

Thanks,
-scheherazade

These two threads area good starting point to get basic settings right:

https://forums.comodo.com/firewall_guides/setting_up_firewall_for_maximum_security-t30535.0.html

https://forums.comodo.com/defense_guides/setting_up_defense_for_maximum_security-t30473.0.html

You can consider setting firewall’s Alert Frequency Level to Low instead of Medium:

http://img188.imageshack.us/img188/1328/01032010091746.png

And a few more useful tips can be found here:

https://forums.comodo.com/firewall-help/questionsproblem-with-recommemded-firewall-configurations-t48332.0.html

The default configuration should be sufficient then.

It will alert you on outgoing traffic, just allow it if your alerts are in simple mode, if you expanded the alerts chose “Trusted Application”.

In the default mode it will automatically allow the “trusted” applications there are two types of these.

  1. Whitelisted by Comodo based on internal list not viewable by the public
  2. Trusted based on signatures visible on “My trusted Software vendors”

If you don’t want the Firewall to allow trusted stuff you should set it to “Custom Policy Mode”

Just to answer the initial query, Have you tried Ganda? (forum joke).

To actually answer your question, you will need to create some rules and remove some rules. Go to Firewall->Advanced->Network security policy->Here you will find Application and Global rules. For Outgoing traffic application rules are consulted first then Global. Vise-versa for incoming.

So go to Global rules and remove all entries(this takes global rules out of the equation)

Now in Application Rules you can do the same but we need to create a rule to allow incoming for all applications. After removing all the rules click on “Add” then on “Select” choose File Groups then All Applications.
All Application should appear in the Application Path box. Now to create an Allow all incoming rule. Click on “Add” and create the rule Allow IP in from IP ANY to IP ANY Where Protocol is Any then click APPLY. Now click OK. You should end up with your application rules like the picture(or similar as that is from CIS4)

Now we also need to stop any rules being created for apps and to ensure you get an alert for Outgoing. To do this go to Firewall->Advanced->Firewall Behaviour Settings->Move the slider up to “Custom” and in the “Alert settings” window set the slider to at least “High”.
You should now receive an alert for anything which doesn`t have a rule for it in Application rules, and as you have no rules…

Matt

[attachment deleted by admin]