Still Stupid - Help understanding basic rules

Ok, I’ve missed the boat. I cannot figure the rule paradigm out. Here is an example that is currently killing me. Firefox no longer works - and I wasn’t changing Comodo.

The log says:

Date/Time :2007-02-21 20:30:59
Severity :Medium
Reporter :Application Monitor
Description: Application Access Denied (firefox.exe:67.32.118.46: :dns(53))
Application: C:\Program Files\Mozilla Firefox\firefox.exe
Parent: C:\WINDOWS\explorer.exe
Protocol: UDP Out
Destination: 67.32.118.46::dns(53)

I have one rule for Firefox:

Application: firefox, Parent: explorer, Dest: any, Port: any, TCP/UDP In/Out, Allow

In Network Monitor I allow TCP/UDP IN/OUT to ANY from ANY for port ANY

Seems promiscuous enough. If someone can, please tell me why it is being denied. From there we can go to how to fix it.

Thanks,
Dan

Hi Dan. According to your log firefox is blocked by an Application Monitor rule. Remove it and restart firefox. You probably denied an alert for ff without realizing it.

As for your Network Monitor rule, it is highly not recommended because it’s like having no firewall if you allow all connections in and out on TCP and UDP. I suggest that you keep the very top default rule: Allow ~ TCP/UDP ~ OUT. Please post a screenshot of your rules if you want to be sure.

soyaBeaner,

I’ve attached an image of my App Monitor. You see there is only one rule for FireFox. Thanks.

…Dan

[attachment deleted by admin]

You don’t have any app mon rules blocking Firefox, so that’s not the cause. However, you shouldn’t allow all incoming connections to Firefox like that because it’s not safe. Change it to only allow OUT TCP/UDP (no in). The same almost applies to Bittorrent (and probably your other programs) - the incoming connections for this should be restricted to the listening port(s) you assigned in Bittorrent. You have to tighten your rules!

I still don’t see why your FF should be blocked. Please also post a screenshot of your Network Monitor rules.

And here are my network rules…

If you don’t see anything in the network rules, it wouldn’t surprise me. Recall that all was working and then quit for seemingly no reason. I then changed the setting to “allow all” which fixed it.

Thanks,
Dan

[attachment deleted by admin]

Ok. I see it now (hopefully :D). Your log indicates that firefox was blocked on the UDP protocol with port 53. Currently from what your screenshot shows, your Net Mon doesn’t have any rules to allow Outgoing connections on UDP for Destination port 53. So just edit rule #3 to correct that. If I’m not mistaken, this is required for DNS lookup.

Note 1: Usually if the Allow All security function works, it’s a rules issue.

Note 2: Net Mon rules have the final decision in allowing/disallowing traffic regardless of your App Mon rules. I think of App Mon as the first stage to screen out my “trusted” programs internet access.
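
Added example, not part of the thread and not Comodo's code: a simplified model of the two-stage check from Note 2, fed with the fields of the log entry in the first post. The rule lists are constructed (the screenshots are gone), and top-down first-match evaluation with an implicit final block is an assumption of the model.

```python
import re
from dataclasses import dataclass

# Fields copied from the log entry in the first post.
LOG = ("Application: C:\\Program Files\\Mozilla Firefox\\firefox.exe\n"
       "Protocol: UDP Out\n"
       "Destination: 67.32.118.46::dns(53)\n")

@dataclass
class Rule:
    action: str      # "allow" or "block"
    protos: set      # e.g. {"TCP", "UDP"}
    direction: str   # "in", "out" or "any"
    ports: object    # (low, high) destination ports, or None for any

def parse_log(text):
    f = dict(line.split(": ", 1) for line in text.strip().splitlines())
    proto, direction = f["Protocol"].split()
    ip, port = re.fullmatch(r"([\d.]+)::\w+\((\d+)\)", f["Destination"]).groups()
    return {"app": f["Application"].rsplit("\\", 1)[-1].lower(),
            "proto": proto, "dir": direction.lower(), "ip": ip, "port": int(port)}

def first_match(rules, conn):
    # Assumed semantics: the first matching rule decides, otherwise block.
    for r in rules:
        if (conn["proto"] in r.protos and r.direction in ("any", conn["dir"])
                and (r.ports is None or r.ports[0] <= conn["port"] <= r.ports[1])):
            return r.action
    return "block"

def decide(conn, app_rules, net_rules):
    # A connection must pass the application stage and then the network stage.
    if first_match(app_rules.get(conn["app"], []), conn) != "allow":
        return ("block", "application monitor")
    if first_match(net_rules, conn) != "allow":
        return ("block", "network monitor")
    return ("allow", None)

# Dan's single Firefox rule: TCP/UDP, in/out, any port, allow.
APP_RULES = {"firefox.exe": [Rule("allow", {"TCP", "UDP"}, "any", None)]}
# Constructed network rules with no outbound UDP rule at all.
NET_TCP_ONLY = [Rule("allow", {"TCP"}, "out", None),
                Rule("block", {"TCP", "UDP"}, "any", None)]
# Same list with outbound UDP to destination port 53 allowed first.
NET_WITH_DNS = [Rule("allow", {"UDP"}, "out", (53, 53))] + NET_TCP_ONLY

if __name__ == "__main__":
    conn = parse_log(LOG)
    print(decide(conn, APP_RULES, NET_TCP_ONLY))
    print(decide(conn, APP_RULES, NET_WITH_DNS))
```

In this model the permissive application rule does not help until the network list permits outbound UDP to port 53, and that narrow rule still leaves inbound UDP blocked.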