Blocking an application from accessing a zone does not work

I have two separate internet connections from my computer - one through wireless and one through an ethernet port. I’m trying to force an application to use only the ethernet port so I created an “ethernet only” policy (block tcp+udp going in or out where destination=wireless zone) and then applied it to the application in question making sure it was the topmost rule for that application.
Unfortunately, this does nothing. Even with the ethernet port disabled the application continues to communicate with the Internet, presumably over the wireless connection.
Any help would be greatly appreciated!
thanks.

Hi 7nt, welcome to the forums.

Do you have 2 rules (one for each direction) or is this a single bi-directional rule?

Block TCP+UDP IN/OUT where Destination=wireless zone will not work, since the meaning of “Destination” changes depending on the direction of the traffic.

Thanks Kail for your quick response. I did have one rule. So now I’ve created two rules:

  1. Block IN traffic from zone=wireless to any IP address for TCP+UDP
  2. Block OUT traffic from any IP address to zone=wireless for TCP+UDP
Still, no go. My application still merrily accesses the wireless zone.

Thanks for your help,
7nt

Because you're trying to force an application (which I’m not sure “force” will work like that btw, I guess it depends on the App & Windows) to use one Zone rather than another Zone… are your rules on the actual application (Application Rules) or in the Global Rules?

I use a similar Global rule myself, to stop my wired LAN reaching out to the Internet. I don’t bother with the IN direction in my case since that cannot really happen (CIS will catch any spoofing attempts).

I defined a Zone called LAN (containing my LAN components) & I used the “Exclude” (NOT IN or !=) function.

Global Rule: Block & Log IP All - OUT - Where Source = LAN and Destination != LAN.

This is an application rule. Arrgh. All I want to do is prevent one particular application from using one particular network interface. Should be really simple, instead it’s really frustrating. Are there any Comodo dudes reading these forums?

Thanks again for your help!
7nt

Hey, I had the same problem, and I think I figured it out–I had to change the order of the “allow” rules for the application in question so that they were under the “block” rules in the COMODO Network Security Policy settings. See the attached image if it’s not clear what I mean.

[attachment deleted by admin]
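The three points the replies above turn on (a single bi-directional rule inspects a different address depending on direction, an allow rule placed above a block rule shadows it under first-match evaluation, and a global rule built with Source = LAN and Destination != LAN) can be modelled in a few lines. The following is an added example written for this thread, not code from the posts or from Comodo; the zone address ranges, the first-match evaluation model and the convention that Source is the local end for OUT traffic and the remote end for IN traffic are assumptions made for the model, not a description of how CIS is implemented.

```python
"""First-match firewall rule evaluation, modelled in Python (constructed example).

Assumptions (not taken from the thread or from Comodo documentation):
- rules are checked top to bottom and the first match decides;
- for OUT traffic Source is the local address and Destination the remote one;
  for IN traffic Source is the remote address and Destination the local one.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Zones as sets of networks. Addresses are constructed for this example.
ZONES = {
    "wireless": [ip_network("192.168.1.0/24")],
    "lan": [ip_network("10.0.0.0/24")],
}


def in_zone(addr: str, zone: str) -> bool:
    a = ip_address(addr)
    return any(a in net for net in ZONES[zone])


@dataclass
class Rule:
    action: str                          # "allow" or "block"
    direction: str                       # "in", "out" or "both"
    source: Optional[str] = None         # zone name, or None for any address
    destination: Optional[str] = None
    source_negate: bool = False          # True models "Source != zone"
    destination_negate: bool = False     # True models "Destination != zone"

    def matches(self, direction: str, src: str, dst: str) -> bool:
        if self.direction not in ("both", direction):
            return False
        if self.source is not None and in_zone(src, self.source) == self.source_negate:
            return False
        if self.destination is not None and in_zone(dst, self.destination) == self.destination_negate:
            return False
        return True


@dataclass
class Packet:
    direction: str   # "in" or "out"
    local: str       # address of the local interface the packet uses
    remote: str      # address of the peer

    def endpoints(self):
        """Return (source, destination) as the rule engine sees them."""
        if self.direction == "out":
            return self.local, self.remote
        return self.remote, self.local


def evaluate(rules, packet: Packet, default: str = "allow") -> str:
    src, dst = packet.endpoints()
    for rule in rules:
        if rule.matches(packet.direction, src, dst):
            return rule.action
    return default


def wireless_rule_by_direction() -> dict:
    """The original single rule: block IN/OUT where Destination = wireless.
    Against a flow to an Internet host over the wireless adapter it only
    matches the inbound half, because Destination is the local wireless
    address for IN packets and the remote Internet address for OUT packets."""
    rule = [Rule("block", "both", destination="wireless")]
    out = Packet("out", local="192.168.1.10", remote="203.0.113.5")
    inb = Packet("in", local="192.168.1.10", remote="203.0.113.5")
    return {"out": evaluate(rule, out), "in": evaluate(rule, inb)}


def ordering_matters() -> tuple:
    """7nt's two block rules with an allow rule for the same application:
    allow above the blocks shadows them, blocks above the allow take effect."""
    blocks = [Rule("block", "in", source="wireless"),
              Rule("block", "out", destination="wireless")]
    allow_all = Rule("allow", "both")
    pkt = Packet("out", local="192.168.1.10", remote="192.168.1.1")
    return (evaluate([allow_all] + blocks, pkt), evaluate(blocks + [allow_all], pkt))


def lan_isolation() -> tuple:
    """Kail's global rule: Block OUT where Source = LAN and Destination != LAN
    (the Log part is omitted here). LAN-to-Internet is blocked, LAN-to-LAN is not."""
    rule = [Rule("block", "out", source="lan", destination="lan", destination_negate=True)]
    to_internet = Packet("out", local="10.0.0.10", remote="203.0.113.5")
    to_lan = Packet("out", local="10.0.0.10", remote="10.0.0.20")
    return (evaluate(rule, to_internet), evaluate(rule, to_lan))


if __name__ == "__main__":
    print("single bi-directional rule:", wireless_rule_by_direction())
    print("(allow first, block first):", ordering_matters())
    print("(LAN->Internet, LAN->LAN):", lan_isolation())
```

The `ordering_matters` result is the point of the last reply: with first-match evaluation, a rule set is only as strict as whatever sits above the block rules, so when a block appears to "do nothing" the first thing to check is whether an allow rule for the same application precedes it.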