six problem, rules, ports, monitor, need help!!!

I am a newbie.the following are some questions that I could not understand. I need help.

  1. Application monitor have two rules about thunderbird. one is TCP/UDP in, the other is TCP/UDP out. at any rate the rules’ name are so. but we could know their directions are in/out if double-click them. Is the two rules the same in this case. actually, all other applications like firefox, gtalk, openoffice.org etc. are such cases that I have comfirmed and made remembered.

  2. I try to make the two rules different, so I change one’s direction is in and the other’s is out. what’s more, I restrict the desitnation ports of “in” to 110, 53, 995(gmail) and “out” to 25, 53, 465(gmail). then, it will ask me everytime. at the beginning, I think the popup tell thunderbird

  3. I found some TCP incomings try to come into my computer by ms-sql 1433. so I have create two new rules TCP in and UDP in, and I restrict ports to 20,21,25,53,80,110,443,465,995. the rules number is elevated to 1 and 2. But all is not changed at logs. Reasons is Network Control Rules ID=7 that is the default rules at the bottom – block & log IP IN/OUT.

  4. the log combox of date filter by date is invalid. now, you could not see the logs of yesterday, and tomorrow the logs of today is so. obviously, it’s impossible that the log file exceed the limitation of 5MB because somedays you connect only some minutes or one hours and the event that was logged is no more than 100. I hope the logs could be filterd by ports and sorted by all column.

  5. maybe I should ask OOo. but I think comodo should solve, too. OOo always sents to some packages in short period. I try to forbid it. then comodo began to use mostly CPU usage to deal these package so that I could not worked

6、I have make the destination port of TCP IN rule limit in 20,21,80,110,443,465, but the snort log is not so. the following is the part of log, and 220.192.44.154 is my IP. I access gmail by firefox 3.0a1.
Every time I start firefox, comodo would ask me if firefox could access remote network in 127.0.0.1 and port 2305(as server)/2306(connect network) next time it may be other ports. obviously, I must agree, otherwise I could not access internet.
so the question is if it’s possible to limit ports and why the rules do not work since I have apply my rules.
btw, except IE, other application always connect network by other port, not 25, 80, 110, 443, 465, 995 etc.

actually, application control rules have given firefox and thunderbird authority any port to any port and in/out, why comodo ask me every time even if TCP IN/OUT is any port to any port.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

01/12-20:55:21.623838 220.192.32.103:53 → 220.192.44.154:2305
UDP TTL:252 TOS:0x0 ID:10804 IpLen:20 DgmLen:338 DF
Len: 310
76 35 81 80 00 01 00 04 00 06 00 06 04 6D 61 69 v5…mai
6C 06 67 6F 6F 67 6C 65 03 63 6F 6D 00 00 01 00 l.google.com
01 C0 0C 00 05 00 01 00 07 77 94 00 19 0A 67 6F …w…go
6F 67 6C 65 6D 61 69 6C 01 6C 06 67 6F 6F 67 6C oglemail.l.googl
65 03 63 6F 6D 00 C0 2D 00 01 00 01 00 00 00 E9 e.com…-…
00 04 D8 EF 35 13 C0 2D 00 01 00 01 00 00 00 E9 …5…-…
00 04 D8 EF 35 53 C0 2D 00 01 00 01 00 00 00 E9 …5S.-…
00 04 D8 EF 35 12 C0 38 00 02 00 01 00 01 51 7C …5…8…Q|
00 04 01 62 C0 38 C0 38 00 02 00 01 00 01 51 7C …b.8.8…Q|
00 04 01 67 C0 38 C0 38 00 02 00 01 00 01 51 7C …g.8.8…Q|
00 04 01 66 C0 38 C0 38 00 02 00 01 00 01 51 7C …f.8.8…Q|
00 04 01 65 C0 38 C0 38 00 02 00 01 00 01 51 7C …e.8.8…Q|
00 04 01 64 C0 38 C0 38 00 02 00 01 00 01 51 7C …d.8.8…Q|
00 04 01 63 C0 38 C0 82 00 01 00 01 00 01 51 7C …c.8…Q|
00 04 40 E9 B3 09 C0 92 00 01 00 01 00 01 51 7C … [ at ] …Q|
00 04 40 E9 A7 09 C0 A2 00 01 00 01 00 01 51 7C … [ at ] …Q|
00 04 48 0E EB 09 C0 B2 00 01 00 01 00 00 68 4C …H…hL
00 04 D1 55 89 09 C0 C2 00 01 00 01 00 01 51 7C …U…Q|
00 04 40 E9 B7 09 C0 D2 00 01 00 01 00 01 51 7C … [ at ] …Q|
00 04 40 E9 A1 09 … [ at ] …

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
thanks for help

pentium3m 512SDR Xp+sp2 OOo 2.1 firefox3.0a1 thunderbird1.5.0.5 AVG7.5 spybot1.4 comodo 2.3.8.16, .4.9.126, and .4.11.135RC1

Sorry if I can’t be a great help this morning, still half asleep. Have you read the Comodo FAQ Section? It has a full explanation of the Network Monitor Rules as well as other information relating to this.

Eric

hi, I saw the faq. it’s my question that I need to solve. why the behavior is differet from what it should be.
thanks