Blocked Zones Problem

Howdy people,

I’ve installed Comodo today on this computer, and I’m trying to set it up so that a particular range of IPs on my LAN are blocked from talking to this computer. My understanding is that defining the range under Blocked Zones in the Network Security Policy is the way to go about this.

So I’ve added a record under Blocked Zones which says “IP in [47.0.0.7 - 47.0.0.99]”. I have a laptop which for the sake of testing this out is 47.0.0.8 and has no firewall installed, but despite the rule being in place I’m currently using the laptop to watch an HD video file which is on this computer (at 47.0.0.2 if it matters). Unfortunately the idea here is to block that kind of thing.

I can’t even figure out where the connection is under the summary screen, there are 0 inbound connections and this is while the movie is playing. Of the 15 outbound connections, none of them have sent more than a few KB, certainly not enough to share the movie.

Hitting “stop all traffic” or switching the firewall mode to “block all” does put a stop to the sharing, but for obvious reasons that’s not a solution.

I’ve also tried creating a Global Rule along the lines of:

Action = Block
Protocol = TCP or UDP
Direction = In/Out
Source Address = IPv4 address range, 47.0.0.7 - 47.0.0.99
Destination Address, Source Port and Destination Port = Any

Still doesn’t block sharing the PC’s stuff with the laptop.

Any ideas on how I can do this?

Change the Global Rule to:
Action: Block
Protocol: IP
Direction: Out

Source Address: Any (or IP address if you have a fixed IP address)
Destination Address: IPv4 range from 47.0.0.7 - 47.0.0.99
IP Details: Any

Does that do the trick for you?

On a side note: you mention you are on a LAN, but the IP addresses are public addresses.

I presume the idea here is to stop 47.0.0.2 sending anything out to the address range, but no it doesn’t work either.

So, I now have 6 Global Rules in total, all set up on the 47.0.0.2 machine.

The first three have:

Source Address: Any
Destination Address: IPv4 range from 47.0.0.7 - 47.0.0.99

One for each TCP/UDP, IP and ICMP.

The second three have:

Source Address: IPv4 range from 47.0.0.7 - 47.0.0.99
Destination Address: Any

One for each TCP/UDP, IP and ICMP.

I think I’ve found something though, Process Explorer shows the actual connection being made is an IPv6 connection, which might explain why IPv4 rules aren’t touching it. Gonna try disabling IPv6 on 47.0.0.2 and experiment a little with it. Will post back likely tomorrow.

Well, that took all of 2 minutes. In short, YES!

Disabling IPv6 on 47.0.0.2 allows me to use IPv4 rules to control what can come in and out; network shares now work on the computers I want them to, and in the 47.0.0.7 - 47.0.0.99 range they don’t show up at all. Exactly what I was after.

Ideally of course I’d prefer to keep IPv6 active as it seems certain networking features (homegroups for example) rely on it. But it’s a small price to pay to make sure random people can’t access my public files willy nilly.

Edit: In fact, scratch that. I don’t even need those Global Rules, Blocking Zones works just fine now.
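
The cause found in this thread (the share traffic ran over IPv6, so IPv4 range rules never matched it) can be checked from a list of observed peer addresses. The following is an added example, not code from the thread or from Comodo: it sorts peers by whether an IPv4-only block range could apply to them. The function names and the sample connections are constructed, and it audits rule coverage rather than reproducing Comodo's own matching.

```python
import ipaddress

# Blocked range taken from the thread; all other values are constructed.
BLOCKED_V4 = (ipaddress.IPv4Address("47.0.0.7"), ipaddress.IPv4Address("47.0.0.99"))


def classify(remote, blocked=BLOCKED_V4):
    """Say how an IPv4-only range rule relates to one remote address."""
    addr = ipaddress.ip_address(remote.split("%")[0])  # drop a zone id such as %12
    if addr.version == 6:
        mapped = addr.ipv4_mapped  # ::ffff:a.b.c.d carries an IPv4 address
        if mapped is None:
            return "ipv6-not-covered"  # an IPv4 range cannot describe this peer
        addr = mapped
    low, high = blocked
    return "in-blocked-range" if low <= addr <= high else "outside-range"


def audit(connections, blocked=BLOCKED_V4):
    """Group (remote_address, local_port) pairs by classification."""
    report = {"in-blocked-range": [], "outside-range": [], "ipv6-not-covered": []}
    for remote, port in connections:
        report[classify(remote, blocked)].append((remote, port))
    return report


# Constructed sample of established connections to the file-sharing port
# (445 = SMB) on the 47.0.0.2 machine. The fe80:: address is made up.
SAMPLE = [
    ("47.0.0.8", 445),                      # laptop over IPv4
    ("47.0.0.3", 445),                      # a machine that should keep access
    ("fe80::1c2d:3e4f:5a6b:7c8d%12", 445),  # a peer over link-local IPv6
    ("::ffff:47.0.0.8", 445),               # IPv4-mapped form of the laptop
]

if __name__ == "__main__":
    for label, conns in audit(SAMPLE).items():
        print(f"{label}: {conns}")
```

Any peer reported as `ipv6-not-covered` needs either an IPv6 rule of its own or, as done in the thread, IPv6 disabled on the machine.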