Blocking IPs Tutorial

Since CFP has stateful inspection of packets, there are two rules for blocking IPs: one for blocking outgoing connections and one for blocking incoming connections.

1.Blocking outgoing connections
(this rule will prevent your computer from initiating a connection with a banned IP)

Action = Block
Protocol = TCP or UDP
Direction = Out
Source IP = Any
Destination IP = The IP you want to block
Source port = Any
Destination port = Any

2.Blocking incoming connections
(this rule will prevent a banned IP from initiating a connection with your computer)

Action = Block
Protocol = TCP or UDP
Direction = In
Source IP = The IP you want to block
Destination IP = Any
Source port = Any
Destination port = Any

If you want to ban someone in P2P you will need the second rule.
If you want to prevent any communication with a banned IP, both rules are needed.

Hope it helps,
Panagiotis

Great idea - this should help a lot of people :slight_smile:

Just to clarify, do these block rules need to appear below any allow rules? Or doesn’t it matter?

If you are blocking specific IPs they need to appear ABOVE any allow rule that would permit the specified IPs' traffic.

Cheers,
Ewen :slight_smile:

Good stuff. Thanks for clearing that up

If you want to completely ban an IP address, using any protocol, instead of using TCP or UDP, specify IP, then just put in the offending IP address.

Instead of making 2 different rules, can't you just combine them into one rule with the direction being In/Out?

No, you can't: for inbound rules the other party is the source; for outbound rules the other party is the destination.

You can't put the same address in for both source and destination, as the firewall would then test whether the one chunk of data was coming from X and going to X. As the data (assuming it was incoming) was coming from X but going to your IP, it would fail the block test, and the data could then be passed by one of the other firewall rules.

Hope this helps,
Ewen :slight_smile:
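To make the two points in the replies above concrete (the block rules must sit above any allow rule, and one In/Out rule with the banned address in both the source and destination fields matches nothing), here is a small first-match rule evaluator. It is an added example written for this thread, not Comodo's code; the rule and packet layout, the field names and the addresses 192.0.2.10 and 198.51.100.7 are this example's own assumptions, chosen to mirror the Action / Protocol / Direction / Source / Destination fields from the tutorial.

```python
"""Toy first-match firewall rule evaluator (added example, not CFP code).

Models the rule fields from the tutorial above to show:
  (a) the inbound and outbound block rules carry the banned address in
      different fields (Source for In, Destination for Out);
  (b) a single In/Out rule with the banned address in BOTH fields never
      matches a real packet, so the traffic falls through to other rules;
  (c) a block rule placed below a catch-all allow rule never fires.
Field names, packet layout and addresses are this example's assumptions.
"""
from dataclasses import dataclass
from typing import List, Optional

ANY = None  # wildcard: matches any value in that field


@dataclass(frozen=True)
class Rule:
    action: str                 # "Block" or "Allow"
    protocol: Optional[str]     # "TCP", "UDP", or ANY (the product's "IP" = any protocol)
    direction: Optional[str]    # "In", "Out", or ANY for "In/Out"
    src_ip: Optional[str]
    dst_ip: Optional[str]
    src_port: Optional[int] = ANY
    dst_port: Optional[int] = ANY


@dataclass(frozen=True)
class Packet:
    protocol: str
    direction: str              # "In" or "Out", relative to this host
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


def _match(field, value) -> bool:
    return field is ANY or field == value


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches only if every one of its fields matches the packet."""
    return all(_match(f, v) for f, v in (
        (rule.protocol, pkt.protocol),
        (rule.direction, pkt.direction),
        (rule.src_ip, pkt.src_ip),
        (rule.dst_ip, pkt.dst_ip),
        (rule.src_port, pkt.src_port),
        (rule.dst_port, pkt.dst_port),
    ))


def evaluate(rules: List[Rule], pkt: Packet, default: str = "Allow") -> str:
    """First matching rule wins; `default` applies if nothing matches."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default


# Constructed addresses for the demonstration (documentation ranges).
MY_IP = "192.0.2.10"
BANNED = "198.51.100.7"

# The two rules from the tutorial, as functions of the banned address.
def block_out(ip: str, proto: Optional[str] = ANY) -> Rule:
    return Rule("Block", proto, "Out", ANY, ip)          # other party = destination

def block_in(ip: str, proto: Optional[str] = ANY) -> Rule:
    return Rule("Block", proto, "In", ip, ANY)           # other party = source

ALLOW_ALL = Rule("Allow", ANY, ANY, ANY, ANY)

# A banned peer connecting to us, and us connecting to the banned peer.
INBOUND = Packet("TCP", "In", BANNED, MY_IP, 51234, 6881)
OUTBOUND = Packet("TCP", "Out", MY_IP, BANNED, 49152, 6881)
INBOUND_UDP = Packet("UDP", "In", BANNED, MY_IP, 51234, 6881)

# Three rulesets to compare.
TWO_RULES = [block_out(BANNED), block_in(BANNED), ALLOW_ALL]          # the tutorial
COMBINED = [Rule("Block", ANY, ANY, BANNED, BANNED), ALLOW_ALL]        # the "one rule" idea
WRONG_ORDER = [ALLOW_ALL, block_out(BANNED), block_in(BANNED)]         # blocks below allow
TCP_ONLY = [block_in(BANNED, "TCP"), ALLOW_ALL]                        # protocol too narrow


def demo() -> dict:
    """Return the verdict each ruleset gives for each packet."""
    return {
        "two_rules": (evaluate(TWO_RULES, INBOUND), evaluate(TWO_RULES, OUTBOUND)),
        "combined": (evaluate(COMBINED, INBOUND), evaluate(COMBINED, OUTBOUND)),
        "wrong_order": (evaluate(WRONG_ORDER, INBOUND), evaluate(WRONG_ORDER, OUTBOUND)),
        "tcp_only_vs_udp": evaluate(TCP_ONLY, INBOUND_UDP),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The `combined` ruleset is the one asked about: the packet arriving from the banned peer has the banned address only as its source, so a rule demanding it in both fields never matches, and the catch-all allow passes it. The `tcp_only_vs_udp` case is the later point about choosing protocol IP rather than TCP or UDP when the ban should cover everything.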

Is there a limit to how many rules Comodo can handle,
and does resource usage increase with more rules?
I want to block about a hundred ranges both in/out; should I use a third-party IP blocker for that?

Yes Pandlouk, how do you get out of this? ;D

Just use PeerGuardian www.phonixlabs.org. That's what I use and I've had no problem with it.
I've been using it for years. I use it on XP; I'm not sure if it works on Vista though.

Oops, I forgot the e: it's www.phoenixlabs.org

Can also download from SourceForge:

or

Although I recommend PeerGuardian as a solid/stable app, I recommend against using someone else’s pre-defined blocklist ~~ esp the list(s) distributed via blocklist.org
ref:
WARNING: If you use PeerGuardian! READ THIS! (Security) [Archive] - Gnutella Forums
http://slyck.com/forums/viewtopic.php?t=14191
http://forums.phoenixlabs.org/

That is BAD advice:
first, the story you link to is kind of old.
The internal kindergarten affairs of blocklist.org and/or methlabs (what a name!)
have no bearing whatsoever on the blocklists themselves;
ALL the lists generally available are made and maintained by BISS (Bluetack),
everybody else is just leeching them.

Second, it sounds like you are suggesting that people should make their own lists from scratch?
WHY? Somebody has already done the research and blacklisted DoD, Halliburton, MAFIAA, M$
and all the other corporate crooks. Do you realise how many IPs there are that have NOTHING
to do trying to connect to your machine? Good luck researching them on your own...

I'd agree with Gordon; PG2 is blocking as of today 739.142.241 IPs...

With regard to the blocklists, the “bearing whatsoever” is this:
Nowadays, most links to download copies of the project-maintained lists are broken
-=-
The principal owner, or one of the principal owners, of "methlabs" is steering people to blocklist.org with the intent of SELLING subscription access to the updated blocklists.

Someone else brought up PeerGuardian, so I felt compelled to post a caveat regarding the “pre-built” blocklists in circulation

Although I recommend PeerGuardian as a solid/stable app, I recommend against using someone else's pre-defined blocklist ~~ esp the list(s) distributed via blocklist.org

I advised against using a pre-defined blocklist.
Yes, I’m ABSOLUTELY recommending building your own list from scratch one IP at a time, rather than pursuing the alternative of cluttering the Comodo firewall ruleset.

Yes, I’m ABSOLUTELY recommending against use of the pre-built lists – they are just plain silly (to the point of being unusable). Most websites reside on shared servers, and in that hosting environment, most domains share IPs. You need to be EXTREMELY selective when choosing which IPs to block, else you wind up cutting off yer nose to spite yer face.

I don’t use P2P filesharing apps, and have no opinion as to which IPs reflect those of “corporate crooks”, but I sure as hell would disagree that the blocklists are “well-researched”. The list designers are truly misguided / paranoid / overzealous; here’s a single f’rinstance (among many):

Apparently due to the author(s) zeal toward blocking “Time Warner Communications”, one of the blocklist entries – a single line – has the effect of blocking 13,000+ websites hosted by (largely colo boxes racked in) the Portland, Oregon TWC datacenter.

“well-researched”???
More like “ill-conceived” IMO

You can’t take PG2 out of context. I don’t think it’s for browsing… not with the lists.
And you can choose what kind of lists you want.

Myself, I use no IP blocker. Especially not going to build my own list; I have better things to do.

Close to a necro-bump but anyway:
If the bans are only for browsing, the HOSTS Manager would be the better way imho.
It’s listed under free tools here:
https://forums.comodo.com/index.php/topic,1731.0.html
(A Bluetack-product as well)

Most blocklist software has the option to whitelist any address you want. This combination ensures that you are able to reach the site you want to. Personally I think these lists are a good and time-saving idea as opposed to creating your own. And it's nothing new either. In the beginning days of spam, net blocks were used to cut off entire ranges to punish a spam host. Sometimes innocent users were locked out from sending/receiving email by this. But it worked fine to prevent these hosts from housing spammers.
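The blocklist discussion above turns on two mechanical facts: a single range line can cover a very large number of addresses (the Time Warner datacenter example), and a whitelist entry has to override a range hit. The following added example, written for this thread and not part of PeerGuardian, Bluetack or any real blocklist, parses a small constructed list in the plain-text "label:first-last" range format that PeerGuardian-style lists use, reports how many addresses each line covers, and resolves a lookup with a whitelist taking precedence. The sample lines and addresses are made up (documentation and shared-address ranges), and the function names are this example's own.

```python
"""Parse a "label:first-last" IP blocklist and look addresses up in it.

Added example for this thread, not code from PeerGuardian or Bluetack.
The list below is constructed; the ranges are documentation/reserved
space and do not describe any real organisation.
"""
import ipaddress
from typing import List, Optional, Sequence, Tuple

BlockRange = Tuple[str, int, int]   # (label, first address, last address) as ints

SAMPLE_LIST = """\
# constructed sample, not a real blocklist
Example Colo Datacenter:198.51.100.0-198.51.100.255
Single bad host:203.0.113.5-203.0.113.5
Carrier: shared range:100.64.0.0-100.127.255.255
"""


def parse_p2p(text: str) -> List[BlockRange]:
    """Parse lines of the form 'label:first-last'; '#' lines and blanks are skipped.

    The label is everything before the LAST colon, so labels may contain colons.
    Malformed lines raise ValueError with the line number rather than being
    silently dropped, since a dropped line is a silent hole in the blocklist.
    """
    ranges: List[BlockRange] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        label, sep, span = line.rpartition(":")
        first_s, dash, last_s = span.partition("-")
        if not sep or not dash:
            raise ValueError(f"line {lineno}: expected 'label:first-last', got {line!r}")
        try:
            first = int(ipaddress.IPv4Address(first_s.strip()))
            last = int(ipaddress.IPv4Address(last_s.strip()))
        except (ipaddress.AddressValueError, ValueError) as exc:
            raise ValueError(f"line {lineno}: bad address in {span!r}") from exc
        if first > last:
            raise ValueError(f"line {lineno}: range is reversed: {span!r}")
        ranges.append((label.strip(), first, last))
    return ranges


def range_size(r: BlockRange) -> int:
    """Number of addresses a single list line covers."""
    return r[2] - r[1] + 1


def total_addresses(ranges: Sequence[BlockRange]) -> int:
    """Sum of addresses covered (ranges are assumed not to overlap)."""
    return sum(range_size(r) for r in ranges)


def find_block(ranges: Sequence[BlockRange], ip: str) -> Optional[str]:
    """Return the label of the first range containing `ip`, or None."""
    n = int(ipaddress.IPv4Address(ip))
    for label, first, last in ranges:
        if first <= n <= last:
            return label
    return None


def is_blocked(ranges: Sequence[BlockRange], ip: str,
               whitelist: Sequence[str] = ()) -> bool:
    """Whitelist wins over any range hit, which is how a needed site on a
    shared host stays reachable while the rest of the range stays blocked."""
    if ip in whitelist:
        return False
    return find_block(ranges, ip) is not None


def summarize(text: str) -> List[Tuple[str, int]]:
    """(label, address count) per line, largest first: shows which single
    lines account for most of a list's coverage."""
    ranges = parse_p2p(text)
    return sorted(((label, range_size((label, a, b))) for label, a, b in ranges),
                  key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    ranges = parse_p2p(SAMPLE_LIST)
    for label, count in summarize(SAMPLE_LIST):
        print(f"{count:>10}  {label}")
    print("total:", total_addresses(ranges))
    print("198.51.100.42 ->", find_block(ranges, "198.51.100.42"))
    print("with whitelist ->", is_blocked(ranges, "198.51.100.42", ["198.51.100.42"]))
```

Running `summarize` over a real list is the quickest way to see the point made earlier in the thread: sort by size and the handful of lines at the top usually account for most of the addresses, and each of those deserves a look before it goes into a firewall that also carries your browsing traffic.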

Just for your information, you can set up PG to run as a service. This way, it’ll work on a limited user account too. :wink: