Blocking IPs Tutorial

[pandlouk]

Since CFP has statefull inspection of the packets there are two rules for blocking IPs; 1 for blocking outgoing connections and 1 for blocking incoming connections.

1.Blocking outgoing connections
(this rule will prevent your computer to initiate a connection with a banned IP)

Action = Block
Protocol = TCP or UDP
Direction = Out
Source IP = Any
Destination IP = The IP you want to block
Source port = Any
Destination port = Any

2.Blocking incoming connections
(this rule will prevent a banned IP to initiate a connection with your computer)

Action = Block
Protocol = TCP or UDP
Direction = In
Source IP = The IP you want to block
Destination IP = Any
Source port = Any
Destination port = Any

If you want to ban someone in p2p you will need the second rule.
If you want to prevent any comunication with a banned IP both rules are needed

hope it helps,
Panagiotis

[Rucia]

Great idea - this should help a lot of people 

Just to clarify, do these block rules need to appear below any allow rules?  Or doesn't it matter?

[panic]

Great idea - this should help a lot of people 

Just to clarify, do these block rules need to appear below any allow rules?  Or doesn't it matter?

If you are blocking specific IPs they need to appear ABOVE any allow rule that would permit the specificed IPs traffic.

Cheers,
Ewen :-)

[Rucia]

Good stuff.  Thanks for clearing that up

[fuziwuzi]

If you want to completely ban an IP address, using any protocol, instead of using the TCP or UCP, specify IP, then just put in the offending IP address.

[ryanplex]

Instead of making 2 diffrent rules cant you just combine them into one rule with the direction bieng in/out?

[panic]

Instead of making 2 diffrent rules cant you just combine them into one rule with the direction bieng in/out?

No you can't, as for inbound rules, the other party is the source, for outbound rules the other party is the destination.

You can't put the same address in for source and destination as the firewall would then test if the one chunk of data was coming from X and going to X and as the data (assuming it was incoming) was coming from X but going to your IP, it would fail the block test and the data would then possibly be passed by one of the other firewall rules.

Hope this helps,
Ewen :-)

[gordon]

Is there a limit to how many rules Comodo can handle
and does resource-usage increase with more rules ?
I want to block about hundred ranges both in/out, should I use a third-party IP-blocker for that ?
 

[Someone]

Is there a limit to how many rules Comodo can handle
and does resource-usage increase with more rules ?
I want to block about hundred ranges both in/out, should I use a third-party IP-blocker for that ?
 

Yes Pandlouk, how do you get out of this? 

[chuck_pa]

Just use PeerGuardian www.phonixlabs.org. Thats what I use and I'v had no problem with it,
I'v been using it for yrs. I use it on xp, I'm not sure if it works on vista tho.

[chuck_pa]

oope I fotgot the e its www.phoenixlabs.org

[frazzled]

oope I fotgot the e its www.phoenixlabs.org

can also download from sourceForge:
http://sourceforge.net/projects/peerguardian/
or
http://peerguardian.sourceforge.net

Although I recommend PeerGuardian as a solid/stable app, I recommend against using someone else's pre-defined blocklist ~~ esp the list(s) distributed via blocklist.org
ref:
http://www.gnutellaforums.com/archive/index.php/t-45357.html
http://slyck.com/forums/viewtopic.php?t=14191
http://forums.phoenixlabs.org/

[gordon]

Although I recommend PeerGuardian as a solid/stable app, I recommend against using someone else's pre-defined blocklist ~~ esp the list(s) distributed via blocklist.org
ref:
http://www.gnutellaforums.com/archive/index.php/t-45357.html
http://slyck.com/forums/viewtopic.php?t=14191
http://forums.phoenixlabs.org/

that is BAD advice :
first, the story you link to is kinda old.
the internal kindergarden-affairs of blocklist.org and/or methlabs (what a name ! )
have no bearing whatsoever on the blocklists themselves ,
ALL the lists generally available are  made and maintained by BISS (bluetack)
everybody else are just leaching them .

second, it sounds like you are suggesting that people should make their own lists from scratch ?.
WHY ? somebody has already done the research and blacklisted DoD, Halliburton, MAFIAA, M$
and all the other corporate crooks. Do you realise how many IP's there are that have NOTHING
to do trying to connect to your machine ? good luck researching them on your own ...

[Someone]

I'd agree with Gordon, PG2 is blocking as of today 739.142.241 IP's...

[frazzled]

that is BAD advice :
first, the story you link to is kinda old.
the internal kindergarden-affairs of blocklist.org and/or methlabs (what a name ! )
have no bearing whatsoever on the blocklists themselves ,
ALL the lists generally available are  made and maintained by BISS (bluetack)
everybody else are just leaching them .

second, it sounds like you are suggesting that people should make their own lists from scratch ?.
WHY ? somebody has already done the research and blacklisted DoD, Halliburton, MAFIAA, M$
and all the other corporate crooks. Do you realise how many IP's there are that have NOTHING
to do trying to connect to your machine ? good luck researching them on your own ...

With regard to the blocklists, the "bearing whatsoever" is this:
Nowadays, most links to download copies of the project-maintained lists are broken
-=-
The principal owner, or one of the principlal owners, of "methlabs" is steering people to blocklist.org with the intent of SELLING subscription access to the updated blocklists.

Someone else brought up PeerGuardian, so I felt compelled to post a caveat regarding the "pre-built" blocklists in circulation

Although I recommend PeerGuardian as a solid/stable app, I recommend against using someone else's pre-defined blocklist ~~ esp the list(s) distributed via blocklist.org

I advised *against* using a pre-defined blocklist.
Yes, I'm ABSOLUTELY recommending building your own list *from scratch* one IP at a time, rather than pursuing the alternative of cluttering the Comodo firewall ruleset.

Yes, I'm ABSOLUTELY recommending against use of the pre-built lists -- they are just plain silly (to the point of being unusable). Most websites reside on shared servers, and in that hosting environment, most domains share IPs. You need to be EXTREMELY selective when choosing which IPs to block, else you wind up cutting off yer nose to spite yer face.

I don't use P2P filesharing apps, and have no opinion as to which IPs reflect those of "corporate crooks", but I sure as hell would disagree that the blocklists are "well-researched". The list designers  are truly misguided / paranoid / overzealous; here's a single f'rinstance (among many):

Apparently due to the author(s) zeal toward blocking "Time Warner Communications", one of the blocklist entries -- a single line -- has the effect of blocking 13,000+ websites hosted by (largely colo boxes racked in) the Portland, Oregon TWC datacenter.

"well-researched"
More like "ill-conceived" IMO