Understanding Global Rules

Hi all,

I am trying to understand how exactly Global Rules are being handled in Comodo. Seeing for example, that I have the buttons “up” and “down” I presume you can alter the ‘priority’ of this rule, correct?

e.g. If I have a global rule for RDP port and one for openvpn and then add a rule blocking all IP traffic IN, would RDP and openvpn still work, regardless of this global blocking rule?


34 views and no one knows anything??? Am I being that stupid or is this a question that isnt as easy at it seems?

Thaks in advance for any info on this!

Global firewall rules are read from the top of the list downwards.

Rule position within the list is critical to correct rule parsing.

As data packets are detected the rules are applied from the top rule downwards until there is a rule that satisfies the packet condition.

For example, you may have a rule that ALLOWs inbound TCP to port 80 as the fourth rule in your list. In the top position you have a rule that BLOCKs inbound TCP on port 80.

In the example outlined above, CIS would read rule 1 and block the inbound packet. It would then stop reading the rules because the top rule satisfied the packet condition. Therefore, it would never read or apply the fourth rule - the one that would allow the traffic.

If the rule positions were reversed, the packet would be allowed to pass the firewall.

NOTE : It is important to have a BLOCK ALL rule at the bottom of your rule list. This rule is designed to catch and block any rule that is not explicitly satisfied by rules above it in the global list.

Hope this helps,
Ewen :slight_smile:

P.S. 34 views is not really that many. 20 hours is equally not a great deal of time to wait. These forums are primarily run by the members, not by Comodo (although the Comodo developers and staff do lurk a fair bit) so a bit of patience is appreciated. :wink:

Indeed, patience is a virtue :wink: Sorry for being hasty.

And thanks a lot for this detailed answer! Helped me understand these rules fully now.

Phraccy :slight_smile:

No worries.

Go through the help files. There is heaps of information there about setting up the global rules.

Pay particular attention to the EXCLUDE option. This is very useful if you want to create a particularly tight rule for a particular set of parameters.

For example, if you wanted to allow a friend with a known IP address to be able to access a web server running on your PC, you could create a BLOCK rule, blocking all inbound requests from all IP addresses to port 80 on your PC, but … selecting the EXCLUDE option, you can nominate your friends IP address as the source address. This rule would then BLOCK all inbound TCP port 80 traffic from all IP addresses with the exception of your friends IP address.

If there is a group of known IP addresses you want to give the same access to, you could add those IP addresses to a network zone and then use that network zone in your BLOCK and EXCLUDE rule (in place of the individual IP address used in the example).

Neat, eh!!

Hope this helps,
Ewen :slight_smile:

I had to write too often about this section.
And i wasnt organized enough to post links :smiley:

Also, it should be noted that for incomming connections Global rules are checked first, if there is an allow rule, then Application rules are checked, if there is an Allow rule there then connection goes through, otherwise you’re asked (if no application rule exist). For outgoing connections it’s vice-versa. So in a sence Global rules act as a router…sort of.

Just to make sure I undrstood…lets take RDP for example.

In order that An rdp session sucessfully goes through the firewall I need a global rule allowing tcp 3389 AND and application rule for svchost allowing same protocol and port , is that correct? Or would it work without the apllication rule too?

This is an interesting option, one I tried and was disappointed. But maybe I am doing something wrong?
I tried blocing all tcp traffic for firefox and excluded port 80 and 443. Result was, that Firefox could no longer connect to the net. If I turmed that rule into an allowance rule for port80 and 443, everything worked fine again.

As far as I understand it, allowance rules allow the traffic on teh protocol and port you specify and block all else, correct? What is the exact difference between an allow rule and a block rule with exclusions then???

You indeed need to allow incoming traffic for svchost.exe on TCP 3389 to successfully establish a rdp session.

great, thanks for the info :slight_smile:

any info on my question regarding the allow and block rules?

Thanks in advance!

Priority from top of the list to bottom.

Global rules are there to make global decisions.
You would only need “allow rules” in global rules, if you want to make an exception for a created “block rule” in global rules.

Use the stealth port wizard setting 3 to avoid questions about “unrequested ingoing traffic”. Check global rules after that for what rules have been added then. These rules give an idea about how global rules are usefull.