Understanding Global Rules

My understanding is that, without any global rules, all traffic is automatically blocked.

1a) is it?
1b) if so, what is the matter of creating “Allow IP Out” global rules?

  1. if e.g. incoming traffic is automatically permitted without the presence of global rules, then why would we need the presence of “Block IP In” rules and such?

Any help would be appreciated. :wink:

I don’t have any global rules. Firewall policy moved to custom from train with safe mode. 1a) If something happens that is not in my application rules, I get a popup from the firewall asking what I want to do about it. 1b) Beats me? 2) Beats me?
For certain activities some find the global rules convenient (trusted networks, for example); for me they would just be redundant and unnecessary with the application rules-I am just a single computer attaching to the internet via untrusted wireless routers. I do not understand the implicit rules or SPI implications of the CFP modes and do not have a list of the built in rules for safe or other applications, so build explicit rules on a per application basis. I also expect the implicit rules to evolve with CFP3 and further confuse things. I put a “block all and log” at the end of my application rules, then look at the log to see what was blocked and if I want to add an allow rule for it. I would use an “ask” instead, but “ask” doesn’t work at all on my installation.

[attachment deleted by admin]

From what i understand global rules are mostly to control unrequested attempts to connect to or find out about your computer.I think(please correct me if im wrong)they help to stealth your computer by denying ping or echo requests etc.Global rules seem to be the first line of defence where any unwanted packet is droped.If you have no global rules all traffic will pass straight to application rules not be automatically blocked.

Nice 1 Matty

If you have a router, most of the unrequested attempts are blocked by the NAT function. Even if you don’t, all of these functions can be done in the applications rules as in the attachment above, and often have to be done redundantly with the global rules if they exist-remember outbound traffic goes through the application rules first, then the global rules; inbound traffic goes through the global rules first then the applications. The application rules above do pretty much the same thing as global rules would do. What the global rules bring to some users is convenience. I find it more convenient to group the rules where they are actually used, instead of partly in the application and partly in the global. But others use the global rules effectively, so Comodo has provided them as an enhancement.

Some set ups will require some global rules,some wont,it is this ability to cater for as many differant systems as possible that makes CPFV3 the most adaptable (while still offering high levels of protection) security firewall/hips out there.

Plus the enormous wealth of computer knowledge this forum gives are imo second to none

Nice 1 Matty