Blocking Single IP both IN/OUT

I want to block a single IP both IN and OUT. They have tried to use my email for spamming, I believe, because I got 3 pieces of rejected email I never sent from my email address on Sept 30. No more instances since, so the spammers may have “moved on” already to avoid detection. But I want to be safe & block their IP anyway. Guess they harvested my email from the only board I belong to that won’t take a disposable addy. (:AGY) I don’t go there anymore as of this episode. (:WIN)

I’m very new to Comodo FW. Attaching screenshot showing the two network rules I did. Was my thinking right on how to do these 2 rules and where in the rule hierarchy they needed to be moved to? I hope, after reading a lot on the forum, I’m starting to understand the importance of “position” of each new rule.

[attachment deleted by admin]

Hello buttoni,

I would think this one should work:
Action: [Block]
Protocol: [TCP or UDP]
Direction: [In/Out]
Source IP: [Any]
Destination IP: [72.73.102.85]
Source Port: [Any]
Destination Port: [Any]

This eliminates the need for two separate In/Out block rules for the same IP. It should be moved to the very top in your Network Monitor rules.

That should work!!

I gather you can add multiple IPs to that rule? Or do you have to add a new rule for each IP?

cheers, rotty

An IP range could be used for one rule, but I think for multiple IPs you would have to create separate rules for them, unless they all fell under the same network, in which case the IP range could still be used or even the subnet mask option, but I’m not sure how to set those up.

You really need to have two separate rules, as the logic for IN/OUT rules is really only applicable if they both apply to the same IP as source AND destination. Imagine we used the same parameters described above but in two separate rules:

ORIGINAL IN/OUT RULE
Action: [Block]
Protocol: [TCP or UDP]
Direction: [In/Out]
Source IP: [Any]
Destination IP: [72.73.102.85]
Source Port: [Any]
Destination Port: [Any]

If we apply this rule to outbound data it would be interpreted as
Action: [Block]
Protocol: [TCP or UDP]
Direction: [Out]
Source IP: [Any]
Destination IP: [72.73.102.85]
Source Port: [Any]
Destination Port: [Any]

This would successfully block traffic from your PC going to the blocked IP

If we apply this rule to inbound data it would be interpreted as
Action: [Block]
Protocol: [TCP or UDP]
Direction: [In]
Source IP: [Any]
Destination IP: [72.73.102.85]
Source Port: [Any]
Destination Port: [Any]

This would only block inbound traffic coming from ANY IP that was destined for the named IP.

I believe the two rules you need to have are as follows:

OUTBOUND
Action: [Block]
Protocol: [TCP or UDP]
Direction: [Out]
Source IP: [Any]
Destination IP: [72.73.102.85]
Source Port: [Any]
Destination Port: [Any]

INBOUND
Action: [Block]
Protocol: [TCP or UDP]
Direction: [In]
Source IP: [72.73.102.85]
Destination IP: [Any]
Source Port: [Any]
Destination Port: [Any]

I’d also set these two rules as rule 0 and rule 1.

Hope this helps,
Ewen :slight_smile:
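
The rule logic described in the post above, as an added example that is not part of the original thread and not Comodo's own code: a small first-match evaluator that runs the single In/Out rule and the two-rule set against one outbound and one inbound packet. The rule model (field names, literal Source/Destination matching, default Allow when nothing matches) and the local address `192.168.1.10` are assumptions; protocol and ports are omitted because every rule in the thread leaves them at TCP or UDP / Any.

```python
from dataclasses import dataclass
from ipaddress import ip_address

BLOCKED = "72.73.102.85"   # the IP named in the thread
LOCAL = "192.168.1.10"     # constructed placeholder for the PC's own address
ANY = "Any"

@dataclass(frozen=True)
class Rule:
    action: str            # "Block" or "Allow"
    direction: str         # "In", "Out" or "In/Out"
    src: str = ANY
    dst: str = ANY

@dataclass(frozen=True)
class Packet:
    direction: str         # "In" or "Out", relative to the PC
    src: str
    dst: str

def _ip_matches(field, addr):
    return field == ANY or ip_address(field) == ip_address(addr)

def matches(rule, pkt):
    # Literal interpretation described in the thread: an In/Out rule keeps its
    # Source/Destination fields exactly as written for both directions.
    return (pkt.direction in rule.direction.split("/")
            and _ip_matches(rule.src, pkt.src)
            and _ip_matches(rule.dst, pkt.dst))

def evaluate(rules, pkt, default="Allow"):
    # First matching rule wins (rule 0 is checked first). The default verdict
    # is an assumption so that an unmatched packet visibly gets through.
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return default

combined = [Rule("Block", "In/Out", dst=BLOCKED)]
split = [Rule("Block", "Out", dst=BLOCKED), Rule("Block", "In", src=BLOCKED)]

outbound = Packet("Out", LOCAL, BLOCKED)   # PC -> blocked IP
inbound = Packet("In", BLOCKED, LOCAL)     # blocked IP -> PC

def verdicts(rules):
    return {"out": evaluate(rules, outbound), "in": evaluate(rules, inbound)}

if __name__ == "__main__":
    print("combined:", verdicts(combined))
    print("split:   ", verdicts(split))
```

Under this model the combined rule stops the outbound packet but lets the inbound one through, while the two-rule set stops both. Placing an `Allow` rule for inbound traffic ahead of the two block rules lets the inbound packet through again, which is why the posts put the block rules at positions 0 and 1.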

Thanks ever so much Panic. Will do and will remember to set them to rule 0 and rule 1 position. Will your instructions & follow this guideline for any future single IP blocks I need to do (hopefully none).

Thank you panic! Now that makes complete sense, especially writing it all out like that. Oh well, I guess my theory on “killing two birds with one stone” doesn’t quite work :wink: