Block single IP address

[Guest]

[egemen]

For Blocking someone (even if I don't get it, why you want shuch feature; unless the other party is a leecher), you should use:
Security -> Network Monitor - > add rule ( I'm writing this so others can understand where to find this options)
Action = Block
Protocol = IP
Direction = Out
Source IP = Your IP (pay attention if you are behind a router to use your computer internal IP and not the Internet IP of the router); I'm not sure but maybe you can also leave it blank [ -> I mean Any (coment added on May 20 2006)]
Remote IP = The IP of the nasty user
IP Protocol = Any

Then move the rule up (over the default rule "Allow /IP Out/ Any/ Any")

Hope it Helped

Direction field must be "IN" and SOURCE IP and REMOTE IP must be exchanged. Please have a look at the following message

http://forums.comodo.com/index.php/topic,193.msg1458.html#msg1458 to solve this problem.

Egemen

[panic]

Okay, to play a devil's lawyer (just for my own understanding):

A: some server (e.g. local) that sends message to me regulary informing me on updates

B: my computer

(1) A ---SYN--> B  ("hi there, I want to connect")

At this stage packet (1) is unsolicitated, I did not ask for it. But, I accept it (e.g. having some network monitor rules that does this).

(2) B ---SYN/ACK ---> A ("okay, you've got my ear")

(3) A---ACK--->B ("good let's talk")

now connection is established

(4) A---(data)-->B ("I have some updates for you, here they are")

Okay, now at this stage, I haven't really asked for (data) but it gets in. Is(4) solicitated or unsolicitated package?

Zoran

(4) is solicited because (2) said "OK, come on in". That and the fact that you had an explicit rule that allowed the initial SYN in.

Ewen :-)

[Wisanggeni]

A question, Egemen.
How do I implemented this with my non-direct connection (Sock 5) ?

*. I use Putty to tunnel my way "in/out" the Net
*. I've tried using IP instead of TCP/UDP... still no luck

...am I "special" case here, or do CPF Dev's forgot about this type of connection?

[egemen]

A question, Egemen.
How do I implemented this with my non-direct connection (Sock 5) ?

*. I use Putty to tunnel my way "in/out" the Net
*. I've tried using IP instead of TCP/UDP... still no luck

...am I "special" case here, or do CPF Dev's forgot about this type of connection?

If attackers' IP addresses remain the same, i.e. if your proxy does not change the remote IP addresses no difference.

[Wisanggeni]

Ah, I see...
Thanks, Egemen.

[zorank]

(4) is solicited because (2) said "OK, come on in". That and the fact that you had an explicit rule that allowed the initial SYN in.

Ewen :-)

Hmmm... I see now. Happily jumping around filled with joy of life and a little extra understanding.

Many thanks!!!

Zoran

[panic]

Hmmm... I see now. Happily jumping around filled with joy of life and a little extra understanding.

Many thanks!!!

Zoran

LOL. Doesn't take much to float your boat, Zoran. 

[Tags:]