Author Topic: Blocking IPs Tutorial  (Read 46510 times)

Offline pandlouk

  • I love Comodo
  • Comodo's Hero
  • *****
  • Posts: 2240
  • Retired Mod
Blocking IPs Tutorial
« on: January 09, 2007, 01:44:39 AM »
Since CFP has stateful inspection of the packets, there are two rules for blocking IPs: 1 for blocking outgoing connections and 1 for blocking incoming connections.

1. Blocking outgoing connections
(this rule will prevent your computer from initiating a connection with a banned IP)

Action = Block
Protocol = TCP or UDP
Direction = Out
Source IP = Any
Destination IP = The IP you want to block
Source port = Any
Destination port = Any

2. Blocking incoming connections
(this rule will prevent a banned IP from initiating a connection with your computer)

Action = Block
Protocol = TCP or UDP
Direction = In
Source IP = The IP you want to block
Destination IP = Any
Source port = Any
Destination port = Any

If you want to ban someone in p2p, you will need the second rule.
If you want to prevent any communication with a banned IP, both rules are needed.


hope it helps,
Panagiotis

Offline Rucia

  • Comodo Family Member
  • ***
  • Posts: 70
Re: Blocking IPs Tutorial
« Reply #1 on: January 09, 2007, 05:55:36 AM »
Great idea - this should help a lot of people  :)

Just to clarify, do these block rules need to appear below any allow rules?  Or doesn't it matter?

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11826
  • Linux is free only if your time is worthless.;-)
Re: Blocking IPs Tutorial
« Reply #2 on: January 09, 2007, 06:46:32 AM »
Quote
Great idea - this should help a lot of people  :)

Just to clarify, do these block rules need to appear below any allow rules?  Or doesn't it matter?

If you are blocking specific IPs, they need to appear ABOVE any allow rule that would permit the specified IPs' traffic.

Cheers,
Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.

Offline Rucia

  • Comodo Family Member
  • ***
  • Posts: 70
Re: Blocking IPs Tutorial
« Reply #3 on: January 09, 2007, 07:08:48 AM »
Good stuff.  Thanks for clearing that up

Offline fuziwuzi

  • Newbie
  • *
  • Posts: 9
Re: Blocking IPs Tutorial
« Reply #4 on: January 21, 2007, 08:20:28 AM »
If you want to completely ban an IP address, using any protocol, instead of using TCP or UDP, specify IP, then just put in the offending IP address.

Offline ryanplex

  • Newbie
  • *
  • Posts: 3
Re: Blocking IPs Tutorial
« Reply #5 on: January 24, 2007, 02:57:17 AM »
Instead of making 2 different rules, can't you just combine them into one rule with the direction being in/out?

Offline panic

  • Global Moderator
  • Comodo's Hero
  • *****
  • Posts: 11826
  • Linux is free only if your time is worthless.;-)
Re: Blocking IPs Tutorial
« Reply #6 on: January 24, 2007, 03:06:06 AM »
Quote
Instead of making 2 different rules, can't you just combine them into one rule with the direction being in/out?

No you can't, as for inbound rules, the other party is the source, for outbound rules the other party is the destination.

You can't put the same address in for source and destination as the firewall would then test if the one chunk of data was coming from X and going to X and as the data (assuming it was incoming) was coming from X but going to your IP, it would fail the block test and the data would then possibly be passed by one of the other firewall rules.

Hope this helps,
Ewen :-)
As your mums would say, "If you can't play nice with all the other kiddies, go home".
All users are asked to please read and abide by the  Comodo Forum Policy.
If you can't conform, don't use the forum.
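The two answers above (block rules go above allow rules; one in/out rule with the banned IP in both fields never matches) can be checked with a small model. This is an added example, not part of the original posts and not Comodo code: it assumes top-down, first-match evaluation, and the `Rule` class, the `evaluate` and `verdicts` helpers and both addresses are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # stands for "Any" in a rule field

@dataclass
class Rule:
    action: str                  # "Block" or "Allow"
    direction: str               # "In", "Out" or "In/Out"
    src: Optional[str] = ANY
    dst: Optional[str] = ANY

    def matches(self, direction, src, dst):
        # Every field must match the same packet for the rule to apply.
        return (self.direction in (direction, "In/Out")
                and self.src in (ANY, src)
                and self.dst in (ANY, dst))

def evaluate(rules, direction, src, dst, default="Block"):
    """Assumed semantics: rules are tested top-down, first match decides."""
    for rule in rules:
        if rule.matches(direction, src, dst):
            return rule.action
    return default

ME, BANNED = "192.0.2.10", "203.0.113.7"   # constructed documentation addresses
ALLOW_ALL = [Rule("Allow", "Out"), Rule("Allow", "In")]
TWO_RULES = [Rule("Block", "Out", dst=BANNED), Rule("Block", "In", src=BANNED)]
COMBINED = [Rule("Block", "In/Out", src=BANNED, dst=BANNED)]

def verdicts(rules):
    """Return (inbound BANNED -> ME verdict, outbound ME -> BANNED verdict)."""
    return (evaluate(rules, "In", BANNED, ME),
            evaluate(rules, "Out", ME, BANNED))

if __name__ == "__main__":
    print("two block rules above allows:", verdicts(TWO_RULES + ALLOW_ALL))
    print("two block rules below allows:", verdicts(ALLOW_ALL + TWO_RULES))
    print("one combined in/out rule:    ", verdicts(COMBINED + ALLOW_ALL))
    print("inbound block rule only:     ", verdicts(TWO_RULES[1:] + ALLOW_ALL))
```

In this model the combined rule and the misplaced block rules both let traffic fall through to the allow rules, which is why rule order and the source/destination fields are worth re-checking after every ruleset change.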

Offline gordon

  • Comodo's Hero
  • *****
  • Posts: 251
Re: Blocking IPs Tutorial
« Reply #7 on: April 03, 2007, 03:09:06 PM »
Is there a limit to how many rules Comodo can handle,
and does resource usage increase with more rules?
I want to block about a hundred ranges both in/out; should I use a third-party IP-blocker for that?
 

Someone

  • Guest
Re: Blocking IPs Tutorial
« Reply #8 on: April 03, 2007, 05:03:42 PM »
Quote
Is there a limit to how many rules Comodo can handle,
and does resource usage increase with more rules?
I want to block about a hundred ranges both in/out; should I use a third-party IP-blocker for that?
 
Yes Pandlouk, how do you get out of this?  ;D

Offline chuck_pa

  • Newbie
  • *
  • Posts: 2
Re: Blocking IPs Tutorial
« Reply #9 on: April 04, 2007, 11:50:38 AM »
Just use PeerGuardian www.phonixlabs.org. That's what I use and I've had no problem with it,
I've been using it for yrs. I use it on XP, I'm not sure if it works on Vista tho.

Offline chuck_pa

  • Newbie
  • *
  • Posts: 2
Re: Blocking IPs Tutorial
« Reply #10 on: April 04, 2007, 11:52:18 AM »
Oops, I forgot the e, it's www.phoenixlabs.org

Offline frazzled

  • Comodo Member
  • **
  • Posts: 48
Re: Blocking IPs Tutorial
« Reply #11 on: April 22, 2007, 10:18:05 PM »
Quote
Oops, I forgot the e, it's www.phoenixlabs.org

can also download from sourceForge:
http://sourceforge.net/projects/peerguardian/
or
http://peerguardian.sourceforge.net

Although I recommend PeerGuardian as a solid/stable app, I recommend against using someone else's pre-defined blocklist ~~ esp the list(s) distributed via blocklist.org
ref:
http://www.gnutellaforums.com/archive/index.php/t-45357.html
http://slyck.com/forums/viewtopic.php?t=14191
http://forums.phoenixlabs.org/

Offline gordon

  • Comodo's Hero
  • *****
  • Posts: 251
Re: Blocking IPs Tutorial
« Reply #12 on: April 30, 2007, 08:39:26 AM »
Quote
Although I recommend PeerGuardian as a solid/stable app, I recommend against using someone else's pre-defined blocklist ~~ esp the list(s) distributed via blocklist.org
ref:
http://www.gnutellaforums.com/archive/index.php/t-45357.html
http://slyck.com/forums/viewtopic.php?t=14191
http://forums.phoenixlabs.org/

That is BAD advice:
First, the story you link to is kinda old.
The internal kindergarten affairs of blocklist.org and/or methlabs (what a name!)
have no bearing whatsoever on the blocklists themselves.
ALL the lists generally available are made and maintained by BISS (bluetack);
everybody else is just leeching them.


Second, it sounds like you are suggesting that people should make their own lists from scratch?
WHY? Somebody has already done the research and blacklisted DoD, Halliburton, MAFIAA, M$
and all the other corporate crooks. Do you realise how many IPs there are that have NOTHING
to do trying to connect to your machine? Good luck researching them on your own ...

Someone

  • Guest
Re: Blocking IPs Tutorial
« Reply #13 on: April 30, 2007, 09:42:22 AM »
I'd agree with Gordon, PG2 is blocking as of today 739.142.241 IP's...

Offline frazzled

  • Comodo Member
  • **
  • Posts: 48
Re: Blocking IPs Tutorial
« Reply #14 on: May 01, 2007, 01:36:58 AM »
Quote
That is BAD advice:
First, the story you link to is kinda old.
The internal kindergarten affairs of blocklist.org and/or methlabs (what a name!)
have no bearing whatsoever on the blocklists themselves.
ALL the lists generally available are made and maintained by BISS (bluetack);
everybody else is just leeching them.


Second, it sounds like you are suggesting that people should make their own lists from scratch?
WHY? Somebody has already done the research and blacklisted DoD, Halliburton, MAFIAA, M$
and all the other corporate crooks. Do you realise how many IPs there are that have NOTHING
to do trying to connect to your machine? Good luck researching them on your own ...

With regard to the blocklists, the "bearing whatsoever" is this:
Nowadays, most links to download copies of the project-maintained lists are broken
-=-
The principal owner, or one of the principal owners, of "methlabs" is steering people to blocklist.org with the intent of SELLING subscription access to the updated blocklists.

Someone else brought up PeerGuardian, so I felt compelled to post a caveat regarding the "pre-built" blocklists in circulation

Quote
Although I recommend PeerGuardian as a solid/stable app, I recommend against using someone else's pre-defined blocklist ~~ esp the list(s) distributed via blocklist.org

I advised *against* using a pre-defined blocklist.
Yes, I'm ABSOLUTELY recommending building your own list *from scratch* one IP at a time, rather than pursuing the alternative of cluttering the Comodo firewall ruleset.

Yes, I'm ABSOLUTELY recommending against use of the pre-built lists -- they are just plain silly (to the point of being unusable). Most websites reside on shared servers, and in that hosting environment, most domains share IPs. You need to be EXTREMELY selective when choosing which IPs to block, else you wind up cutting off yer nose to spite yer face.

I don't use P2P filesharing apps, and have no opinion as to which IPs reflect those of "corporate crooks", but I sure as hell would disagree that the blocklists are "well-researched". The list designers  are truly misguided / paranoid / overzealous; here's a single f'rinstance (among many):

Apparently due to the author(s)' zeal toward blocking "Time Warner Communications", one of the blocklist entries -- a single line -- has the effect of blocking 13,000+ websites hosted by (largely colo boxes racked in) the Portland, Oregon TWC datacenter.

"well-researched"???
More like "ill-conceived" IMO
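The collateral-blocking concern raised in this post can be checked before a range list is loaded. The sketch below is an added example, not part of the original post and not PeerGuardian code: it assumes a plain-text list with one `label:first-last` range per line, and the sample list, the `NEEDED` hosts and the `parse` and `audit` helpers are constructed for illustration.

```python
from ipaddress import ip_address

# Constructed sample list in the assumed "label:first-last" form.
SAMPLE_LIST = """\
# constructed entries, documentation address space only
Example ISP datacenter:198.51.100.0-198.51.100.255
Single bad host:203.0.113.7-203.0.113.7
"""

# Constructed: services this machine must still be able to reach.
NEEDED = {"webmail": "198.51.100.25", "forum": "192.0.2.80"}

def parse(text):
    """Yield (label, first, last) for each non-empty, non-comment line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        label, _, span = line.rpartition(":")    # label may itself contain ':'
        first, _, last = span.partition("-")
        yield label, ip_address(first), ip_address(last)

def audit(text, needed, max_size=16):
    """Return entries that are wider than max_size addresses or that
    cover a host from `needed`, as (label, size, blocked_needed_hosts)."""
    findings = []
    for label, first, last in parse(text):
        size = int(last) - int(first) + 1
        hit = sorted(name for name, ip in needed.items()
                     if first <= ip_address(ip) <= last)
        if size > max_size or hit:
            findings.append((label, size, hit))
    return findings

if __name__ == "__main__":
    for label, size, hit in audit(SAMPLE_LIST, NEEDED):
        print(f"{label}: {size} addresses, blocks needed hosts: {hit or 'none'}")
```

The `max_size` threshold is an arbitrary review trigger; entries it flags are candidates for a manual look, not automatic removal.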

 
