Block ip problem on comodo firewall v3

kordero · March 17, 2009, 5:36am

hello

im trying to setup comodo firewall v3.8.6 in my network.

this network got 5 computers with the following ip:

pc1: 192.168.1.1
pc2: 192.168.1.2
pc3: 192.168.1.3
pc4: 192.168.1.4
pc5: 192.168.1.5

im trying to setup this firewall to block all communication from pc2 and pc4 to access pc1 (where the firewall is installed).

To do this, i block both ips(pc2, pc4) but when i do that, after apply, i cant access in all network to 192.168.1.1 (pc1).

the strange thing is… when i JUST block one of them (pc2 OR pc4) i can access from one of them.

but i want to block both not just one working…

http://img16.imageshack.us/img16/4060/comodov3pic1.jpg

http://img25.imageshack.us/img25/6034/comodov3pic2.jpg

im searching about this… a google too but now i really need some help to know what im doing wrong, if someone be nice to assist me ofc

rhgtyink · March 17, 2009, 7:38am

Hello Kordero,

I would create a global rule to establish your wish, create a Normal Zone with both pc’s in it.
Now open the Network Policy and go to the global tab, create a new rule and make it:

Block, IP, Incoming, Src Zone = “Zone you just created”, Dst = Any, IP Details = Any.

Make sure this one is the first rule and that should work, you can use the log option to check if it’s working…

kordero · March 17, 2009, 11:46am

thanks ronny, working now like u say

rhgtyink · March 17, 2009, 1:37pm

Glad it works, however I’m wondering if where doing something wrong here or that there is a bug…

In the screen shot you show “IP NOT in 192.168” Can you put both computers you wish to block to access this one in a blocked zone but don’t use the “Not” option ? That should work also.

thejoedoe · March 17, 2009, 2:23pm

wait a moment
you want to block the 192.168.1.2/4 wright?

Your are saying to block everything that it is not in 192.168.1.2/4

I think what you want is “IP in 192.168.1.2”, because this is the “My Blocked Network” window

kordero · March 17, 2009, 4:31pm

i want to block the 192.168.1.2/24 and 192.168.1.4/24, dont know if im confused about ur quote but thats it

this is working right know like ronny said, using network policy, global tab. easy and fast.

i try a lot of setups, i know a bit of cisco routers setup, but im not comparing ofc. the strange thing its just if i block just one ip or mac address this works perfectly…
when i block >= 2 ips this just bugged maybe… all network cant access this pc with the ip 192.168.1.1 (where the firewall is installed).

i try all this in vmware with 5 virtual machines… all with windows xp service pack 2.

however this problem happen in real machine aswell, but just using “My Blocked Network”. if i use global tab in network policy this works pretty fine.

kordero · March 17, 2009, 4:34pm

i try that aswell, and i have the same problem. all network was blocked to access this computer (192.168.1.1)

thejoedoe · March 17, 2009, 4:51pm

when I say 192.168.1.2/4 I mean 192.168.1.2 and 192.168.1.4

By configuring your firewall as it is in those images you are blocking all traffic that as a source other than 192.168.1.2 or 192 .168.1.4, i think

So try to uncheck the exclude

rhgtyink · March 17, 2009, 8:06pm

It’s not an extended access-list would you like to run CBAC on your pc >:-D

kordero · March 17, 2009, 8:31pm

ye ronny heh