I have used Comodo Firewall for a long time, but I’m new to the forum.
I have a problem. I need to open ports JUST FOR 1 application. If I make a Network Rule to open these ports, everybody may connect to them, but I need these ports only for one application. How can I block all other applications and connections that are trying to connect to those ports?
I asked the same question when I was new ;). Currently, there is no practical method because network rules are global. Perhaps in a future version this will be possible. But you don’t have to worry because opened ports can only be used by one application at a given session. Once that application is closed, so is the port until another approved application uses it.
The network rules screenshot would be a good start. I assume you want to block all incoming and outgoing connections on that port for all applications except that one? Please specify exactly what you want to achieve. (For example, I only want to allow uTorrent program to have incoming connections to port 30000)
Thanks for posting your rules. I see what you want now. :). As stated before, network rules are global and only trusted applications or ones that you allowed to be connected in the Application Monitor can connect using ports 1024-1100.
At this point the only way I know to restrict other applications in your Application Monitor is to exclude them from using that port range. For example, if I have another program like Opera in Application Monitor that I want to connect but to never use ports 1024-1100, then I have to Edit my rules for Opera accordingly in the Destination Port tab, and select A port range.
The first screenshot shows that my Opera has full outgoing access on TCP and UDP on all ports. The second screenshot further defines that my Opera is not allowed to use ports 1024-1100. This can be tedious if you have to define all Application Monitor rules for other programs like this. It’s probably only necessary for programs that you know also use this port range.
Just to clarify, my screenshots were taken from the Application Rule, not the Network Rule, and Opera was not allowed to use ports 1024-1100. It was just a demo to show how to prevent other applications from using these ports.
Network Rules are global - they apply to all programs that are in the Application Rules. So if you had other allowed programs in the AppMonitor, then they can also use ports 1024-1100 if they choose to, because you have “opened” (allowed) them by your 2 Network Rules.
Do you have other programs that use these ports that you don’t want to use them? If so, just follow my example to prevent them from using those ports.
Ok. I see what you mean. Yes, based on your network rules, people should be able to connect to your PC (incoming connections) using ports 1024-1100 only for programs that you’ve allowed, namely in AppMonitor. For applications that are not appearing in AppMon, they are denied total access by default (except for applications certified by Comodo, if you have that option enabled in Security > Advanced > Miscellaneous > Configure > 2nd option).
Not just incoming but also outgoing, depending on your setup and rules. It is confusing at first to distinguish between Application Monitor (what programs can / cannot have internet access) and Network Monitor (how those programs connect to/from the internet, like a router) rules. This is not clearly explained in the help file, which is why it may be difficult to see how both interact with each other ;).
The internet can only connect to your PC through the applications you have allowed in the Application Monitor rules, bounded by the Network Rules.
Example: You allowed gene6 ftp server in your Application Monitor outgoing/incoming connections via TCP/UDP (I don’t know exactly as I haven’t seen your rules). This program is restricted by your network rules so that people outside can only connect to your PC and your PC can only connect out through ports 1024-1100.
Example: In AppMonitor I have only 1 application: gene6 ftp server, which is allowed to do anything. In Network Monitor I have rules allowing TCP IN on ports 1024-1100. Other connections will be blocked. Can anybody from the internet connect to my PC without connecting to gene6?
If gene6 ftp server is the only program in AppMon, then it makes things easier to visualize. To answer your question: No. Nobody from the internet can connect to your PC. The only way is if they also run gene6 ftp server, and they can only connect to your gene6 ftp server on your PC (through ports 1024-1100).
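The two points made in this thread (that Network Monitor rules are global while Application Monitor rules are per-program, and that the only workaround is a per-application exclusion of the port range) can be checked with a small policy model. The following is an added example written for this page; it is not Comodo's code and not taken from any post above. It assumes, as the posts describe, that a connection must pass the Application Monitor first (a program with no rules is denied) and then the Network Monitor, and that within each list rules are matched top-down with the first match winning. The rule names, the outbound "allow" network rule and the "other allowed app" entry are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed model of the two-layer evaluation described in the thread.
# Assumptions (not verified against Comodo's implementation): Application
# Monitor is consulted first, an unknown program is denied, then Network
# Monitor rules are applied globally; first matching rule wins in each list.


@dataclass(frozen=True)
class Conn:
    app: str
    direction: str   # "in" (someone connects to us) or "out" (we connect out)
    proto: str       # "TCP" or "UDP"
    port: int        # local port for "in", remote port for "out"


@dataclass(frozen=True)
class Rule:
    action: str                                   # "allow" or "block"
    directions: Tuple[str, ...] = ("in", "out")
    protos: Tuple[str, ...] = ("TCP", "UDP")
    ports: Optional[Tuple[int, int]] = None       # inclusive range; None = any

    def matches(self, c: Conn) -> bool:
        if c.direction not in self.directions or c.proto not in self.protos:
            return False
        return self.ports is None or self.ports[0] <= c.port <= self.ports[1]


def first_match(rules: List[Rule], c: Conn, default: str) -> str:
    """Top-down evaluation; the first rule that matches decides."""
    for r in rules:
        if r.matches(c):
            return r.action
    return default


def decide(app_rules: Dict[str, List[Rule]], net_rules: List[Rule],
           c: Conn) -> Tuple[bool, str]:
    """Return (allowed, reason) for a connection attempt."""
    if c.app not in app_rules:
        return False, "app layer: program not in Application Monitor"
    if first_match(app_rules[c.app], c, "block") != "allow":
        return False, "app layer: blocked by the program's own rule"
    if first_match(net_rules, c, "block") != "allow":
        return False, "net layer: no Network Rule opens this"
    return True, "allowed by both layers"


# Constructed rule set mirroring the thread: gene6 allowed everything, Opera
# allowed out but excluded from 1024-1100 (the exclusion must sit ABOVE the
# broad allow, or it never fires), plus one more fully-allowed program.
APP_RULES: Dict[str, List[Rule]] = {
    "gene6 ftp server": [Rule("allow")],
    "Opera": [
        Rule("block", directions=("out",), ports=(1024, 1100)),
        Rule("allow", directions=("out",)),
    ],
    "other allowed app": [Rule("allow")],
}

# Global Network Rules: TCP IN 1024-1100 as in the thread; the outbound allow
# is an assumption so that Opera's browsing can be shown; everything else blocks.
NET_RULES: List[Rule] = [
    Rule("allow", directions=("in",), protos=("TCP",), ports=(1024, 1100)),
    Rule("allow", directions=("out",)),
]


def main() -> None:
    cases = [
        Conn("gene6 ftp server", "in", "TCP", 1050),   # the intended use
        Conn("gene6 ftp server", "in", "TCP", 8080),   # global rule stops it
        Conn("Opera", "out", "TCP", 1050),             # per-app exclusion
        Conn("Opera", "out", "TCP", 443),              # normal browsing
        Conn("unknown.exe", "in", "TCP", 1050),        # not in AppMon
        Conn("other allowed app", "in", "TCP", 1050),  # the original problem
    ]
    for c in cases:
        ok, why = decide(APP_RULES, NET_RULES, c)
        print(f"{c.app:18} {c.direction:3} {c.proto} {c.port:5} -> "
              f"{'ALLOW' if ok else 'BLOCK'} ({why})")


if __name__ == "__main__":
    main()
```

The last case is the one the original poster worried about: a second program that is simply "allowed" in the Application Monitor inherits the globally opened port range, and only an explicit per-program block above its allow rule (the Opera entry) takes it away again. Rule order inside a program's list matters; if the exclusion were placed below the broad allow it would never be reached.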