random UDP in connections


Random UDP in connections allowed by design of Comodo?

E.g. DNS shugga shugga, but just from the originating target server to the learned app?

Or else it would need a specific network rule to let UDP in freely?


Evidently something happened to the topic. Picking up my reply to the first version of this topic…

My understanding is that CFP loopback is accepted as a matter of routine, if you have these settings: Security → Advanced → Miscellaneous Configure, and then mark the checkbox for ‘skip loopback’ for TCP and UDP.

Otherwise, if you clear the checkbox, then be prepared to write many rules for both Network and Application.

CFP, like any firewall, should block unexpected UDP traffic. The key word is ‘unexpected’. If I send a query out to a random DNS server, then I expect an answer back from that random server. After that answer comes back, I am no longer expecting an answer. Should that DNS server come back with another packet, that packet would be refused. Timing is part of the rule state for UDP. There is no analogy in TCP where a connection exists or it doesn’t exist.

Protocols without state, like UDP and ICMP, are difficult to implement in firewalls. An event, with an expected result, is what is used to simulate a state. But expectations ‘time-out’, sometimes in seconds, usually in minutes.

There is an excellent book, titled “Building Internet Firewalls” from the publisher O’Reilly & Associates, that describes in great detail how firewalls should work.
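A small model of the expectation-with-timeout mechanism described in the reply above, added here as an example (it is not from the post and not Comodo's code): an outbound UDP packet records an expectation, one matching inbound packet satisfies it, and the expectation lapses after a timeout. The `Flow`/`UdpStateTable` names, the 30-second window and the addresses are all assumptions constructed for the demo.

```python
"""Toy model of how a firewall gives UDP a pseudo-state.

UDP has no handshake, so the filter records an expectation when a packet
leaves and admits an inbound packet only if it matches a live expectation.
Per the post above: one reply satisfies the expectation, and expectations
expire. Addresses are constructed documentation ranges, not real servers.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    # Described from the local host's point of view, so the query and its
    # reply share the same key (reply src/dst are the mirror of the query).
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int


class UdpStateTable:
    def __init__(self, timeout_s: float = 30.0) -> None:   # assumed window
        self.timeout_s = timeout_s
        self._expect: Dict[Flow, float] = {}   # flow -> deadline (seconds)

    def outbound(self, flow: Flow, now: float) -> None:
        # A query leaving the host creates (or refreshes) an expectation.
        self._expect[flow] = now + self.timeout_s

    def inbound(self, flow: Flow, now: float) -> bool:
        # Admit only if this flow was queried and the window is still open.
        deadline = self._expect.pop(flow, None)   # one reply consumes it
        return deadline is not None and now <= deadline


def dns_scenario() -> List[Tuple[str, bool]]:
    """Replay a short constructed sequence; return (label, allowed) pairs."""
    table = UdpStateTable(timeout_s=30.0)
    resolver = Flow("192.0.2.10", 51000, "203.0.113.53", 53)   # we queried
    stranger = Flow("192.0.2.10", 51000, "198.51.100.7", 53)   # never queried
    table.outbound(resolver, now=0.0)
    results = [
        ("first reply, in time", table.inbound(resolver, now=0.05)),
        ("second reply, no longer expected", table.inbound(resolver, now=0.10)),
        ("unsolicited server", table.inbound(stranger, now=0.20)),
    ]
    table.outbound(resolver, now=1.0)
    results.append(("reply after timeout", table.inbound(resolver, now=45.0)))
    return results


if __name__ == "__main__":
    for label, allowed in dns_scenario():
        print(f"{label:34s} -> {'ALLOW' if allowed else 'BLOCK'}")
```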

Re grue,

Yes, I did edit the topic, even removed it :slight_smile: but we were in SYN.

Your explanations are 100%, as ever.

Please see my bow from IP to Comodo, and so many things explained because people state facts and how to make an interface for even any user.



So now you think it's useful to have, instead of e.g. Firefox having 2 entries (TCP/UDP allow),

4 entries: TCP in, TCP out, UDP in, UDP out? Looks like a lot, but?

And might I edit the network rule?

TCP out allow

UDP allow

Since TCP/UDP doesn't mean OR, but rather AND, OR, etc.

Would this one step narrow UDP? Since the logfile doesn't say the protocol.