Comodo Firewall - rule allow certain apps only locally

Tom_K · March 11, 2023, 8:37pm

Hello community ,

I have a question about Comodo Firewall 12.2.2.8012.

Is there any way that I can create a rule that can then be applied to individual applications?

I want to create a rule that allows certain apps to connect only locally, but not to the internet.

Ideally so that the rule does not only work in a specific network with IP range e.g. 192.168.2.x, but works in all local IP ranges, so it does not matter if I am at home with IP range 192.168.2.x or in another network that uses e.g. 192.168.9.x.

Thank you very much for your help.

With kind regards,
Tom

domo78 · March 12, 2023, 10:59am

this might help

Tom_K · March 14, 2023, 12:18pm

hello domo78,

thank you very much for your answer and the screenshots. I tried to translate them to understand what you did. But unfortunately I can’t derive the necessary steps or I don’t understand what I have to do.

I don’t understand why I should do something with loopback 127.0.0.1 when I want to create a rule that allows certain applications to connect only locally (LOCAL AREA NETWORK) but not to the Internet.

Thank you.

Regards,
Tom

domo78 · March 14, 2023, 4:12pm

Hello Tom_K,

When you install CIS, CIS creates a Home #1 network zone:

Priority rules for outgoing traffic

You can create an application rule “Access to Home #1” containing 2 rules :

the first one allowing access to Home #1 (Destination address)
the second one blocking other accesses

Then assign this application rule to the programs whose access to the local network you want to limit.

I am not a network specialist. With this restriction, perhaps to be more general it would be possible to create a rule with as destination address @ IP of beginning 192.168.0.0 and as @ IP of end 192.168.255.255

For translation you can use: DeepL Translate: The world's most accurate translator

Tom_K · March 23, 2023, 11:09pm

Hello domo78,

thank you very much for the detailed answer. I finally had some time to test your tips and steps. I managed to get the LAN rule outgoing to work for a specific network zone (e.g. 192.168.2.x).

I could also define a network zone 192.168.0.0 to 192.168.255.255 to apply the LAN rule outgoing, but this has the disadvantage that the automatic detection of new private networks stops and all networks in this zone are treated with the same profile, e.g. WORK or PUBLIC.

If you or someone else knows a solution, that would be nice.

Anyway, thank you for your support.

It definitely helped me implement it in my specific network zone.

Greetings,
Tom_K