Comodo Firewall - rule allow certain apps only locally

Hello community :handshake:,

I have a question about Comodo Firewall

Is there any way that I can create a rule that can then be applied to individual applications?

I want to create a rule that allows certain apps to connect only locally, but not to the internet.

Ideally so that the rule does not only work in a specific network with IP range e.g. 192.168.2.x, but works in all local IP ranges, so it does not matter if I am at home with IP range 192.168.2.x or in another network that uses e.g. 192.168.9.x.

Thank you very much for your help.

With kind regards,

this might help

hello domo78,

thank you very much for your answer and the screenshots. I tried to translate them to understand what you did. But unfortunately I can’t derive the necessary steps or I don’t understand what I have to do.

I don’t understand why I should do something with loopback when I want to create a rule that allows certain applications to connect only locally (LOCAL AREA NETWORK) but not to the Internet.

Thank you.


Hello Tom_K,

When you install CIS, CIS creates a Home #1 network zone:

Priority rules for outgoing traffic

You can create an application rule “Access to Home #1” containing 2 rules :

  • the first one allowing access to Home #1 (Destination address)
  • the second one blocking other accesses

Then assign this application rule to the programs whose access to the local network you want to limit.

I am not a network specialist. With this restriction, perhaps to be more general it would be possible to create a rule with as destination address @ IP of beginning and as @ IP of end

For translation you can use: DeepL Translate: The world's most accurate translator

1 Like

Hello domo78,

thank you very much for the detailed answer. I finally had some time to test your tips and steps. I managed to get the LAN rule outgoing to work for a specific network zone (e.g. 192.168.2.x).

I could also define a network zone to to apply the LAN rule outgoing, but this has the disadvantage that the automatic detection of new private networks stops and all networks in this zone are treated with the same profile, e.g. WORK or PUBLIC.

If you or someone else knows a solution, that would be nice.

Anyway, thank you for your support.

It definitely helped me implement it in my specific network zone.