Two questions regarding advanced configuration

I recently started using Comodo Firewall because it’s one of the few free home firewalls that offers advanced configuration. I’m accustomed to configuring iptables and security appliances, so if I use something like ZoneAlarm that has program rules only, I feel like I have no control over the firewall. I do however have two important questions:

1.) In iptables, each chain has a “policy” that states what happens if traffic matches none of the rules. The policy can be that any traffic that doesn’t match a (deny/reject) rule can be allowed, or any traffic that doesn’t match an (allow) rule can be denied or rejected by default. I don’t see this policy in Comodo Firewall. What happens in Comodo if traffic doesn’t match a rule?

2.) Under certain circumstances, in order to more closely mimic the configuration of iptables or a security appliance, I may decide I’d like to disable the application rules entirely and run solely with global rules for port/address allowances. Is this possible? Or is there a way to automatically allow application rules without prompting, but still enforce the global rules?

Thanks

Hello;

1:
It goes through the application list to look for its executable name (per se) and then, if it’s not on the list, goes through the global rules, and if it’s not there it’s blocked (unless you have the firewall in Safe Mode, in which case it may be automatically allowed because it is either on the whitelist or TVL).

Make sure you are in Custom Policy Mode:
CIS > Firewall > Firewall Settings > Move the bar all the way up
Also:
CIS > Firewall > Network Security Policy > Remove all applications in the list except for ‘All Executables’, then change that policy to Allow. Then it will go through the global rules.
Hope this diagram will help

Did I answer all your questions efficiently?

Jake

I overlooked where you could add a rule for all applications, thank you.

As for my question about the rule order, I can see that traffic must match both an application rule and a global rule in order to be allowed. I can for example allow all traffic in the global rules but still be prompted on a case-by-case basis for application rules, and it’s blocked unless I allow it on the application side as well.

I guess what I’m a little unclear on is what happens if there is no matching rule. Let’s say I have no global rules. Is all traffic then blocked because there is no matching rule, or allowed because there is no matching rule? In iptables, you can set a policy (allow/reject/etc) for any traffic that doesn’t match any rule. I did something similar by just putting a block-all rule at the end of the global list, but I was wondering what Comodo’s behavior would be if I didn’t.

If no rule is found you’ll be asked for it (if in Custom Policy Mode).
If allowed in the application rules, it will be automatically allowed through the global rules unless specified to be blocked.

With my attached configuration, I can control the traffic through global rules instead of ‘application rules’.

So:
All applications in application rules set to allow all >>> global rules: if no ‘block’ then traffic will be automatically allowed

‘All applications’ in application rules doesn’t exist >>> prompt user (if in Custom Policy Mode)

Revised Post Below

1.) In iptables, each chain has a "policy" that states what happens if traffic matches none of the rules. The policy can be that any traffic that doesn't match a (deny/reject) rule can be allowed, or any traffic that doesn't match an (allow) rule can be denied or rejected by default. I don't see this policy in Comodo Firewall. What happens in Comodo if traffic doesn't match a rule?

Outgoing:
If it’s an application and doesn’t have a rule in “Application Rules”:
It will either be prompted (Custom Policy Mode)
OR
If not on the whitelist, it will be prompted (Safe Mode)
OR
If on the whitelist, it will be automatically allowed (Safe Mode)

Incoming:
If another computer tries to connect to yours and it’s not in the Global Rules,
you’ll be prompted with an alert.

2.) Under certain circumstances, in order to more closely mimic the configuration of iptables or a security appliance, I may decide I'd like to disable the application rules entirely and run solely with global rules for port/address allowances. Is this possible? Or is there a way to automatically allow application rules without prompting, but still enforce the global rules?
Yes; (add "All Applications" and set it to Allow, THEN in Global Rules place a "Block IP All from/to IP" rule (Custom Policy Mode) at the bottom)
I overlooked where you could add a rule for all applications, thank you.
You’re welcome

Hope this is better to understand


Jake

[attachment deleted by admin]
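The evaluation order the thread describes (application rules first for outgoing traffic, then global rules, with a prompt when nothing matches, and a "Block IP All" rule at the bottom standing in for an iptables default-deny policy), written out as a small model. This is an added example, not Comodo's code; the Rule fields, the evaluate() helper and the sample rule sets are assumptions:

```python
from dataclasses import dataclass
from typing import Optional

# Constructed model of the evaluation order described in the thread above.
# NOT Comodo code: the Rule fields and evaluate() are assumptions.
ALLOW, BLOCK, PROMPT = "allow", "block", "prompt"

@dataclass
class Rule:
    action: str                 # ALLOW or BLOCK
    direction: str = "*"        # "in", "out" or "*" (either)
    port: Optional[int] = None  # None matches any port
    app: str = "*"              # executable name, or "*" for "All Applications"

    def matches(self, direction: str, port: int, app: str) -> bool:
        return (self.direction in ("*", direction)
                and self.port in (None, port)
                and self.app in ("*", app))

def first_match(rules, direction, port, app) -> Optional[str]:
    """First matching rule decides, as in an iptables chain; None = no rule matched."""
    for rule in rules:
        if rule.matches(direction, port, app):
            return rule.action
    return None

def evaluate(app_rules, global_rules, direction, port, app,
             mode="custom", whitelist=()) -> str:
    # Outgoing: application rules first. No rule -> prompt in Custom Policy Mode;
    # in Safe Mode a whitelisted executable is allowed, anything else is prompted.
    if direction == "out":
        verdict = first_match(app_rules, direction, port, app)
        if verdict is None and not (mode == "safe" and app in whitelist):
            return PROMPT
        if verdict == BLOCK:
            return BLOCK
    # Global rules next; an explicit verdict there wins. With no match, outgoing
    # traffic the application layer allowed goes through, and an incoming
    # connection with no global rule raises an alert (prompt).
    verdict = first_match(global_rules, direction, port, app)
    if verdict is not None:
        return verdict
    return PROMPT if direction == "in" else ALLOW

# The setup recommended in the thread: "All Applications" set to Allow, plus a
# "Block IP All" rule at the bottom of the global list. That last rule plays the
# role of an iptables default-deny policy for anything not allowed above it.
APP_RULES = [Rule(ALLOW)]
GLOBAL_RULES = [Rule(ALLOW, "in", 22), Rule(BLOCK)]
```

Dropping the final `Rule(BLOCK)` from `GLOBAL_RULES` shows the difference the original poster asked about: unmatched incoming traffic then prompts instead of being blocked.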