Block mac address

hi,
We are running comodo firewall on a windows 7 computer. The computer has 2 VLAN networks that we would like to separate. The 2 VLAN networks appear as 2 separate network connections in Windows. One is used for the host os and the other with a virtual machine running on VMWare Server. We want to block the mac address of the VMWare card from accessing the Host network card. And the other way around. How would we implement these firewall rules?

We have comodo firewall on both the host and virtual machine.

Best regards,
Fredrik

So you have the host adapter set up to trunk both VLANs by letting the OS tag them?

hi,
Yes. The OS is tagging both adapters. VLAN10 and VLAN 20.

But I think we had a problem with our rules, we will do some more testing today because it might be working now. I will get back to you.

Thanks.

Our configuration file.

[attachment deleted by admin]

Our aim is to prevent mac spoofing on the network.

In our setup we have all IP addresses on the same subnet. Our configuration is trying to block what is referred to as MAC3 below.

mac1:ip1 sending to mac2:ip2. works and is allowed.
mac3:ip3 sending to mac2:ip2. Not allowed. Mac3 is blocked successfully.

In this scenario we are able to bypass the firewall:
mac1:ip1 sending to mac2:ip2. Works and is allowed.
Seconds later:
mac3:ip1 sending to mac2:ip2. Works despite that mac3 should be blocked in the configuration.

See configuration file attached in the previous post.

Can I assume by that that it’s not working?

The problem is probably in the VM internals, as it probably runs over the “Windows Operating System” rules.
But as the traffic from one Vlan needs to be routed over the other you should be able to block traffic from Vlan 10 <-> Vlan 20… The internal VM communication I’m not sure if that can be blocked by CIS atm.

All IPs in the same subnet? Where does that leave Vlan10 and 20 then?

Sorry. During these tests we did not use VLAN nor any VM.

We wanted to ensure that the mac blocking was working on an easy example at first.

So let me rephrase here:

First test MAC3 is using IP3 and is blocked because of its MAC in the global rules of Host2
First test also causes IP1 to be registered in the FW state-table for Host2 because of the allow.
Second test uses MAC3+IP1 to access Host2 and is now allowed?

If so, can you re-try and make sure IP1 has had no previous access to Host2.
If that manages to block things there is an issue with the MAC vs. state-tables allowing the traffic based on the previously allowed IP1 traffic regardless of the MAC used.

You have understood it correctly.

However we feel that the traffic’s mac address should always be checked for mac3 regardless of previous traffic and regardless of what ip mac3 is connecting from. Can that be achieved?
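A toy model of the state-table hypothesis discussed above, added here as an illustration; it is not part of the original thread and not Comodo's code. It assumes a firewall whose established-flow table is keyed on IP addresses only, and compares that with one that checks the source MAC on every frame; the names `Frame`, `Firewall`, `mac_every_frame` and the sample frames are constructed for this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    src_mac: str
    src_ip: str
    dst_ip: str

BLOCKED_MACS = {"mac3"}  # the global MAC block rule from the thread

class Firewall:
    """Hypothetical stateful filter protecting Host2 (ip2)."""

    def __init__(self, mac_every_frame: bool):
        self.mac_every_frame = mac_every_frame
        self.state = set()  # established flows, keyed on (src_ip, dst_ip) only

    def accept(self, f: Frame) -> bool:
        # Requested behaviour: the MAC rule is evaluated before any state lookup.
        if self.mac_every_frame and f.src_mac in BLOCKED_MACS:
            return False
        key = (f.src_ip, f.dst_ip)
        # Fast path: a known flow skips the rule set, so the MAC is never looked at.
        if key in self.state:
            return True
        # Slow path: first frame of a flow is matched against the rules.
        if f.src_mac in BLOCKED_MACS:
            return False
        self.state.add(key)
        return True

def replay(fw: Firewall, frames) -> list:
    """Feed frames in order and return the allow/deny verdict for each."""
    return [fw.accept(f) for f in frames]

# Constructed frames reproducing the tests described in the thread.
SCENARIO = [
    Frame("mac3", "ip3", "ip2"),  # blocked MAC with its own IP
    Frame("mac1", "ip1", "ip2"),  # legitimate host, creates a state entry
    Frame("mac3", "ip1", "ip2"),  # blocked MAC reusing the allowed IP
]

if __name__ == "__main__":
    print("IP-keyed state only :", replay(Firewall(False), SCENARIO))
    print("MAC on every frame  :", replay(Firewall(True), SCENARIO))
    # Suggested retest: IP1 has no prior state, blocked MAC arrives first.
    print("fresh table, mac3:ip1:", replay(Firewall(False), SCENARIO[2:]))
```

If the retest on a fresh state table blocks mac3:ip1 while the replayed sequence lets it through, the behaviour matches the IP-keyed model rather than a rule-configuration error.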

Agree as MAC comes first, sounds like a bug to me. Please note I’m not Comodo Staff, just a forums volunteer trying to help.

Could you please post a bug report here:

And please try to conform to this:

WHY WE ASK YOU TO FOLLOW THESE GUIDELINES

Bugs/issues can be impossible or very time consuming to fix if developers don’t have enough information to reproduce them. Since CIS is free, development time is limited. So if you want your issue fixed, please use the format below to describe it. Further explanation regarding why we ask the questions we do, and why we use a standard format is here.

To avoid clutter, issues not described in the format below your post will not be moved to the ‘moderator verified’ issues topic. This means that the developers may not look at it.

Thanks a lot for your help Ronny. We will continue with more testing tomorrow and if we cannot solve this then we will write a bug report.