Share Your Customized Rules

Hi Folks

Firstly, thanks to Melih, the devs and all who participated in the release of the eagerly awaited V3. For that I salute you. (:CLP)
Right, my question is I need a bit of advice in setting up a uTorrent ruleset in V3. I have a custom rule already set by CFP…

- Action: Allow
- Protocol: IP
- Direction: Out
- Source: Any
- Dest: Any
- IP Protocol: Any

Now, should I leave this rule as is, remove it and change to the following, or leave it as is and add the following?

  • Action: Allow
  • Protocol: TCP or UDP
  • Direction: In
  • Source IP: Any
  • Destination IP: Any
  • Source Port: Any
  • Destination Port: uTorrent's port

Many thanks in advance…
Novie

The COMODO-generated one is fine unless uTorrent gets infected/exploited. Yours is more secure, so COMODO will not let uTorrent send out connections. This may interfere with seeding, though?

I have a problem with the rules in StrongDC++. If I leave the default rule, the search does not work; if I switch to passive, the search works. If I make the rule like in the old Comodo, the default rule still appears after I just deleted it, and the search does not work. How can I solve this problem? Sorry for my bad English.

You need to add the incoming connection port unless you picked the P2P mode at installation.

Incoming port is any.

StrongDC++ is set to “Firewall with manual port forwarding”.

Rule 1: For TCP

Action = Allow
Protocol = TCP
Direction = In
Source Address = Any
Destination Address = my IP
Source Port = Any
Destination Port = X (TCP port set in StrongDC++)

Rule 2: For UDP

Action = Allow
Protocol = UDP
Direction = In
Source Address = Any
Destination Address = my IP
Source Port = Any
Destination Port = X (UDP port set in StrongDC++)

And I put my IP in every favorite hub: direct connection and my IP.

So i guess you got it working?

No. Only passive will search. I only showed how I made the rule for StrongDC++ and still have problems.

I was thinking it might be an idea for users to post their own customised rules/settings here to give others the benefit of their increased security. (V)

I agree. Help us newbies out here (:TNG). If feasible, you can also upload your configurations now :-*.

haha glad we’re in agreement (:WIN).

I was thinking it’d be useful for both inexperienced users (and lazy experienced ones) to have the option of configuring D+ without relying on trial and error.

Useful Firewall rules and policies

Firewall\Common Tasks\My Port Sets

  • Netbios
    135-139
    445

  • Incoming TCP
    Add yours

  • Incoming UDP
    Add yours

Firewall\Common Tasks\My Network Zones

  • Local Area Network
    IP in [your network IP Mask (eg 10.0.0.0/255.0.0.0)]
    IP 0.0.0.0
    IP 255.255.255.255

  • Internet-wide Multicast
    IP in 224.0.1.0-238.255.255.255

  • Special & Local Multicast
    IP in 224.0.0.0-224.0.0.255
    IP in 239.0.0.0-239.255.255.255

Firewall\Advanced\Predefined Firewall Policies

  • LAN
    Allow IP In From In [Local Area Network] To IP Any Where Protocol Is Any
    Allow IP Out From IP Any To In [Local Area Network] Where Protocol Is Any
    Allow IP Out From IP Any To In [Special & Local Multicast] Where Protocol Is Any
    Block and Log All Unmatching Requests

  • LAN & Outgoing
    Allow IP In From In [Local Area Network] To IP Any Where Protocol Is Any
    Allow IP Out From IP Any To In [Local Area Network] Where Protocol Is Any
    Allow IP Out From IP Any To In [Special & Local Multicast] Where Protocol Is Any
    Allow TCP or UDP Outgoing Requests
    Block and Log All Unmatching Requests

  • Web Browsers with FTP capabilities
    Allow Outgoing TCP Requests
    Allow Outgoing DNS Requests
    Block and Log All Unmatching Requests

Firewall\Advanced\Network Security Policies\Application Rules

  • Svchost - LAN & Outgoing
  • System - LAN or LAN & Outgoing
  • Explorer - LAN + ALLOW TCP OUT to host crl.microsoft.com

Firewall\Advanced\Network Security Policies\Global Rules

  • Allow TCP In From IP Any to IP Any Where Source Port ANY And Destination Port Is In [Incoming TCP]
  • Allow UDP In From IP Any to IP Any Where Source Port ANY And Destination Port Is In [Incoming UDP]
  • Allow TCP In from Any IP to Any IP where Source Port is 20 and Destination Port is ANY (To enable FTP CLIENT Firewall Policy)
  • Block and Log TCP or UDP Out From IP Any to IP Any Where Source Port is In [Netbios] And Destination Port Is ANY
  • Allow and Log TCP or UDP Out From IP Any to IP Any Where Source Port Is In [Privileged Ports] And Destination Port Is Any
  • Allow TCP or UDP Out From IP Any to IP Any Where Source Port Is Not In [Privileged Ports] And Destination Port Is Any
  • Allow IP out from Any IP to Any IP where the protocol is GRE (Needed for PPTP)
  • Allow ICMP Out From IP Any to IP Any Where ICMP Message Is ECHO REQUEST
  • Allow ICMP In From IP Any to IP Any Where ICMP Message Is ECHO REPLY
  • Allow ICMP In From IP Any to IP Any Where ICMP Message Is TIME EXCEEDED
  • Allow ICMP In From IP Any to IP Any Where ICMP Message Is PORT UNREACHABLE
  • Allow ICMP In From IP Any to IP Any Where ICMP Message Is FRAGMENTATION NEEDED
  • Block and Log IP In/Out From IP Any to IP Any

The last step should be to use Firewall\Common Tasks\Firewall Stealth Configuration, choose “Define a New trusted network” and allow [Local Area Network] and [Special & Local Multicast].

NOTE: When you add your private IP range to your [Local Area Network] zone, don't forget to add your network address (usually ending with .0) and broadcast address (usually ending with .255), using IP masks or IP ranges.

e.g. Network Address: 10.0.0.0, Broadcast Address: 10.255.255.255
IP Mask 10.0.0.0/255.0.0.0
IP Range 10.0.0.0-10.255.255.255

Nice rules!

Here are mine:

DNS hardcoded. DHCP, NetBIOS disabled.

Port sets:
“HTTP/HTTPS ports” 80,81,82,443,8080,8090
“POP3/SMTP” 25,110,143,465,995
“FTP” 20,21
“DNS Request port” 53
“Torrent ports” … if needed

(Special ones…)
“Whitelisted User Ports” 1024-4999
“Whitelisted Standard Ports” → HTTP/S + POP3 + FTP + DNS

The first one is used to make all legal apps cast at higher ports.
The second one is used to allow some generalisation; it's basically a legal remote-connect port list.

Global rules:

  1. Allow TCP/UDP CreateAlert(optional) Out “General Access: Allow whitelisted communication” SA:Any(place your IP here if it's static) DA:Any SP:PortSet-“Whitelisted User Ports” DP:PortSet-“Whitelisted Standard Ports”
  2a. Allow TCP/UDP Out “DNS: Grant Access to Naming Server 1” SA:Any(…) DA:SingleIP- SP:PortSet-“Whitelisted User Ports” DP:PortSet-“DNS Port”
  2b. Allow TCP/UDP Out “DNS: Grant Access to Naming Server 2” SA:Any(…) DA:SingleIP- SP:PortSet-“Whitelisted User Ports” DP:PortSet-“DNS Port”
  3a. Allow TCP/UDP Out “Loopback: NIC->localhost” SA:Zone- DA:127.0.0.1 SP:Any DP:Any
  3b. Allow TCP/UDP Out “Loopback: localhost->NIC” SA:127.0.0.1 DA:Zone- SP:Any DP:Any
  4. Allow ICMP Out “Ping: allow pinging others” SA:Any(or your IP if static) DA:Any ICMP:Any
  5. Block TCP/UDP CreateAlert In/Out “Block: other TCP/UDP” SA:Any DA:Any SP:Any DP:Any
  6. Block ICMP CreateAlert In “Block: being pinged” SA:Any DA:Any Any
  7. Block IP CreateAlert In/Out “Block: any other traffic” SA:Any DA:Any IP:Any

Predefined Firewall policies
Browser->HTTP->SP:PortSet-“Whitelisted User Ports” DP:PortSet-“HTTP/HTTPS Port”
Browser->DNS->SP:PortSet-“Whitelisted User Ports” DP:PortSet-“DNS Port”
Browser->…add FTP, if needed…
Outgoing Only->SP:PortSet-“Whitelisted User Ports” DP:PortSet-“Whitelisted Standard Ports”

So, what are the rules for P2P programs?
If we set:

allow TCP/UDP out
allow TCP/UDP in (P2P port)

Is it not secure?

Yes, pretty much the same as in v2, except you should also add the last Block IP In/Out as the 3rd Application rule.

Hi all

Soya, can you post the exact rules that you are using, either in here or in the post designated for custom rules… I, like many others, I'm sure, would like your take on this… Hey, let's even start a new sticky on approved custom rules for P2P and other programs. (:NRD)

Many thanks in advance, yours
Novie

Mine suck! lol. It's pretty basic and pretty much the same as I had with v2, but a little more secure or redundant. If it's redundant, please tell me so I can remove some rules.

Predefined Rules
I deleted some defaults and, for the remaining 3, edited them so that they don't log the Block IP In/Out rule for each, because I care about logging (except for the intro stage when I wanted to ensure everything was working out). So I'm left with Web Browser, Blocked Application, and Outgoing Only.

Application Rules
System (default): uses the Predefined Outgoing Only rule. NOTE: This thing confused the h^ll out of me at first. Later on, I found out that System can be represented as my PC itself, and it also acts as the old “Allow all outgoing TCP/UDP” rule that was the very top one in v2. This explains why we don't see it in the Global Rules by default.

%windir%\system32\svchost.exe (default): uses the Predefined Outgoing Only rule. This of course was never explicitly shown in v2, but was covered by the old Certified apps by Comodo option.

COMODO Firewall Pro (default): uses the Predefined Outgoing Only rule. No-brainer on this one; it's required by CFP for updates and Defense+ lookups on unknown apps.

C:\Program Files\Opera\Opera.exe (my preferred browser): uses the Predefined Browser rule.

C:\Program Files\Windows Media Player\wmplayer.exe: uses the Predefined Blocked Application rule. This is because I never use or want to connect WMP to the internet or M$, nor is the internal UDP loopback connection necessary.

C:\Program Files\uTorrent\utorrent.exe: uses my customized rules.

  1. Allow TCP OR UDP Out from IP Any To IP Any Where Source Port Is Any And Destination Port is Any
  2. Allow TCP OR UDP In From IP Any To IP Any Where Source Port Is Any And Destination Port is __ (uTorrent’s listening port # I set up).
  3. Block IP In/Out From IP Any To IP Any Where Protocol Is Any

C:\Program Files\Winamp\winamp.exe: uses the Predefined Outgoing Only rule. For listening on the radio, what else? :stuck_out_tongue:

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe: uses the Predefined Outgoing Only rule. This one I’m not sure if it’s enough as I recall in v2 Yahoo also requires incoming connections.

Global Rules

  1. Allow TCP OR UDP In From IP Any To IP Any Where Source Port Is Any And Destination Port is __ (uTorrent's listening port # I set up). This one mirrors the one in the Application rules. If I'm not mistaken, the same logic applies as it did in v2: if you don't open a port in Global Rules as well, p2p programs won't function properly.
  2. Allow ICMP In/Out From IP Any To IP Any Where ICMP Message Is Any. Ok, I’m sure this one is highly debatable, but I don’t care. Like Matousec and others have stated, this protocol is mainly used for network / routing purposes and if disabled, p2p program internet speeds won’t be maximized. I know that because there were a lot of Port Unreachable, Network Unreachable, and so forth in my logs at first. The only loss in this rule? My pc isn’t “stealthed”. Big deal. The fact that uTorrent is connected to others doesn’t exactly mean I’m invisible to begin with.
  3. Block IP In From IP Any To IP Any Where Protocol Is Any. I don't know why v3 isn't set up like v2 was on this last rule, to also include blocking outgoing connections. Any clues? I tried adding the Out part, but it blocks every application from connecting out even though they're granted access in Application Rules.
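Added example (not from any of the posts in this thread, and not Comodo's code): a small Python simulator of the first-match, two-layer rule evaluation the thread keeps bumping into. It encodes Soya's Global Rules and uTorrent rules from the post above, plus the NetBIOS-block ordering and the [Local Area Network] zone note from the earlier “Useful Firewall rules and policies” post. Everything not on the page is an assumption and is marked as such in the code: the listening port number 61234 (the post leaves it blank), that inbound traffic is checked against Global Rules before an application's rules and outbound traffic the other way round, that traffic matching nothing in Global Rules falls through to the next layer while traffic matching nothing in an application's rules raises an alert, the browser policy (outgoing TCP plus outgoing UDP 53), and the constructed sample packets.

```python
"""Two-layer, first-match firewall rule simulator (added example, not Comodo's code).

Modelled assumptions:
  * each rule list is read top-down and the first matching rule decides;
  * inbound traffic is checked against Global Rules first, then the application's
    rules; outbound traffic is checked the other way round;
  * no match in Global Rules falls through to the next layer; no match in an
    application's rules raises an alert ("ask").
"""
from ipaddress import ip_address, ip_network

ANY = "any"
LISTEN = 61234  # assumed uTorrent listening port; the post leaves the number blank

# rule   = (action, proto, direction, src_zone, dst_zone, sport_set, dport_set)
#   proto: "tcp", "udp", "tcp/udp", "icmp" or "ip" (ip matches every protocol)
#   zone : ANY or a list of ip_network objects; port set: ANY or a set of ints
# packet = (proto, direction, src_ip, dst_ip, sport, dport); ICMP uses port 0


def in_zone(zone, ip):
    """True when the zone is ANY or the address lies in one of its networks."""
    return zone is ANY or any(ip_address(ip) in net for net in zone)


def matches(rule, pkt):
    _, proto, direction, src, dst, sport, dport = rule
    p_proto, p_dir, p_src, p_dst, p_sport, p_dport = pkt
    return ((proto == "ip" or p_proto in proto.split("/"))
            and p_dir in direction.split("/")
            and in_zone(src, p_src) and in_zone(dst, p_dst)
            and (sport is ANY or p_sport in sport)
            and (dport is ANY or p_dport in dport))


def first_match(rules, pkt):
    """Action of the first matching rule, or None when no rule matches."""
    for rule in rules:
        if matches(rule, pkt):
            return rule[0]
    return None


def verdict(pkt, global_rules, app_rules):
    """Combine Global Rules and one application's rules as assumed above."""
    inbound = pkt[1] == "in"
    layers = [global_rules, app_rules] if inbound else [app_rules, global_rules]
    for layer in layers:
        action = first_match(layer, pkt)
        if action == "block":
            return "block"
        if action is None and layer is app_rules:
            return "ask"  # assumption: unmatched application traffic alerts
    return "allow"


# --- Soya's rules from the post above ---------------------------------------
soya_global = [
    ("allow", "tcp/udp", "in", ANY, ANY, ANY, {LISTEN}),
    ("allow", "icmp", "in/out", ANY, ANY, ANY, ANY),
    ("block", "ip", "in", ANY, ANY, ANY, ANY),
]
utorrent = [
    ("allow", "tcp/udp", "out", ANY, ANY, ANY, ANY),
    ("allow", "tcp/udp", "in", ANY, ANY, ANY, {LISTEN}),
    ("block", "ip", "in/out", ANY, ANY, ANY, ANY),
]
# Assumed browser policy, after the "Web Browser" policy listed earlier in the
# thread: outgoing TCP, outgoing DNS (UDP 53), block the rest.
browser = [
    ("allow", "tcp", "out", ANY, ANY, ANY, ANY),
    ("allow", "udp", "out", ANY, ANY, ANY, {53}),
    ("block", "ip", "in/out", ANY, ANY, ANY, ANY),
]


def with_out_blocked(global_rules):
    """Soya's experiment: turn the last global rule into 'Block IP In/Out'."""
    return global_rules[:-1] + [("block", "ip", "in/out", ANY, ANY, ANY, ANY)]


# --- ordering lesson from the "Useful Firewall rules" post: the NetBIOS block
# only fires if it sits above the generic allow-outgoing rule.
NETBIOS = {135, 136, 137, 138, 139, 445}
ordered_global = [
    ("allow", "tcp", "in", ANY, ANY, ANY, {LISTEN}),      # [Incoming TCP]
    ("block", "tcp/udp", "out", ANY, ANY, NETBIOS, ANY),  # block NetBIOS out
    ("allow", "tcp/udp", "out", ANY, ANY, ANY, ANY),      # allow other out
    ("block", "ip", "in/out", ANY, ANY, ANY, ANY),        # final catch-all
]
misordered_global = [ordered_global[i] for i in (0, 2, 1, 3)]

# LAN zone built as that post's NOTE recommends: the mask plus 0.0.0.0 and
# 255.255.255.255, so network and broadcast addresses are covered.
LAN = [ip_network("10.0.0.0/255.0.0.0"), ip_network("0.0.0.0"),
       ip_network("255.255.255.255")]

# Constructed sample packets (documentation-range addresses)
IN_LISTEN = ("tcp", "in", "203.0.113.5", "10.1.2.3", 40000, LISTEN)
IN_OTHER = ("tcp", "in", "203.0.113.5", "10.1.2.3", 40000, 12345)
OUT_HTTPS = ("tcp", "out", "10.1.2.3", "198.51.100.7", 50123, 443)
OUT_NETBIOS = ("udp", "out", "10.1.2.3", "10.255.255.255", 137, 137)

if __name__ == "__main__":
    print("uTorrent, inbound to listening port:", verdict(IN_LISTEN, soya_global, utorrent))
    print("uTorrent, inbound to another port  :", verdict(IN_OTHER, soya_global, utorrent))
    print("no app rule, inbound listening port:", verdict(IN_LISTEN, soya_global, []))
    print("browser out, last rule Block In    :", verdict(OUT_HTTPS, soya_global, browser))
    print("browser out, last rule Block In/Out:", verdict(OUT_HTTPS, with_out_blocked(soya_global), browser))
    print("NetBIOS out, block above allow     :", first_match(ordered_global, OUT_NETBIOS))
    print("NetBIOS out, block below allow     :", first_match(misordered_global, OUT_NETBIOS))
    print("broadcast 10.255.255.255 in LAN    :", in_zone(LAN, "10.255.255.255"))
```

Under these assumptions the run reproduces the thread's observations: an inbound packet to the listening port needs both the global allow and the application allow (with no application rule it ends in an alert), an inbound packet to any other port is stopped by the final global block before uTorrent's rules are even consulted, and changing that final rule to “Block IP In/Out” blocks the browser's outbound traffic because no global rule allows anything out and the application layer's “allow” is not the last word. The NetBIOS case shows the same first-match logic in the earlier rule set: move the block below the generic allow-out rule and it never fires.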

Thanks Soya (:WIN)

I’m still confused because I’ve been testing a lot of things right now:
I deleted each and every Global Rule, and yet everything still works properly and ports are stealthed (except for the one I saved for uTorrent's listening port, and ICMP, which I granted full access). This is only true if I leave the System process in Application Rules. I keep associating System with Global Rules itself, like they're one and the same. In other words, if there was no System in Application Rules, I would have to set up everything the old way as in V2, so to me: System = Global Rules = Network Rules in v2.

Soya

Would this depend on what the user selects in Firewall > Tasks > Stealth Ports Wizard? …I'm getting confused here.

This is a cracking firewall, but way ahead of v2… It's gonna take a while to get used to this one.