Today I set the firewall rules to “Block all mode” to stop somebody accessing my laptop (network shares over the normal Windows Explorer, so no hacker or experienced user or so). But this didn’t help! I also set a global rule “Block, IP, In/Out, Any, Any, Any”, but this also didn’t help and I could also access the Internet as if there wasn’t any firewall, and there were also no alerts on new programs accessing the Internet. D+ and Comodo Antivirus are working normally and giving alerts. I’m sure it’s not a virus because I run a regular virus scan (also from a LiveCD) and only run programs on my laptop which I really need.
About my system:
Windows Vista Ultimate SP2 32Bit
Security installed: Comodo CIS 3.8.65951.477 (Firewall, D+, Antivirus), Antivirus was installed later because I had Avira AntiVir before
2 * VPN
I hope you can help me, because I was happy with Comodo until now.
I just noticed that I can only connect to my company’s VPN if it’s not set to “Block all mode”?
Further investigation revealed that the rules only apply to connections on the VPN.
I did some testing and the VPN is the only connection the firewall rules are applied to.
Anybody having a clue what’s wrong?
I finally did a complete clean reinstall of CIS and it works now. But it would still be interesting to know why it suddenly stopped working, because that’s a security problem.
Possibly the location of the Block All rule in the list?
It was in the first position. Additionally, the “Block All Mode” was on. So I would have expected that all network traffic would have been blocked.
I have another question: I have to be fully accessible in my home network (shares, some services, …) but I want to be protected from incoming connections in the WLAN at work, which is unprotected. Normally I would have done this by IP filtering with network zones, but the problem is that their DHCP uses the whole IP address ranges for private use (192.168.0.0/16 and 10.0.0.0/8). Is there a way to easily change the range of network zones, for example if you are in another network?
Your networks are already defined (recognized by CIS), I presume?
I’d use Stealth Ports Wizard. Select the second option. This will allow all computers in your network to access you, and block everything coming in from the wild (WLAN/Internet).
I’ll try it. The problem is, as said, hidden in the overlapping IP ranges.
I have the following zones:
Home1: 10.0.0.0/24 (LAN)
(Depending on which WLAN router I get the signal from)
I want to be accessible in both home networks but not at work; there I only want to be a client.
So I have to avoid static rules and only use dynamic (not-remembered) rules.
Define your Home network by the MAC addresses of your various hardware.
So at the top of Global Rules would be IP In/Out for your Home zone by MACs.
Next, your normal stealth or whatever control rules you want by the IPs.
Hope this helps.
Thanks! I had overlooked this option with MAC addresses, that’s a good idea!
One question: Is it advisable to put the MAC of the router onto that list or not? Because for incoming packets from the internet the MAC address is replaced by that of the router, and those rules would also be applied to packets from the internet, wouldn’t they?
Your router should just drop all unsolicited internet packets because there is no entry in the NAT table.
You would need the router on the list for all your stuff, DHCP, etc. to work without a hitch.
Thanks, your help was very helpful! I only added a rule for the dNAT entry in addition to your advice.
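
The rule order discussed in this thread, as an added example that is not part of any post and is not Comodo's own logic: a simplified model that assumes top-down, first-match evaluation, with a home zone defined by MAC placed above IP-based block rules. All MAC addresses, the sample IPs and the function names are constructed for illustration.

```python
# Added example: simplified first-match rule model (an assumption, not Comodo's engine).
import ipaddress

ROUTER_MAC = "02:00:00:00:00:01"   # constructed, locally administered MACs
NAS_MAC = "02:00:00:00:00:02"
WORK_PEER_MAC = "02:00:00:00:00:99"


def build_rules(home_macs):
    """Ordered global rules: home zone by MAC first, then block private ranges."""
    return [
        {"action": "allow", "src_macs": set(home_macs)},
        {"action": "block", "src_net": ipaddress.ip_network("10.0.0.0/8")},
        {"action": "block", "src_net": ipaddress.ip_network("192.168.0.0/16")},
        {"action": "block"},  # catch-all for everything else inbound
    ]


def decide(rules, src_mac, src_ip):
    """Return the action of the first rule matching an inbound frame."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if "src_macs" in rule and src_mac.lower() not in rule["src_macs"]:
            continue
        if "src_net" in rule and ip not in rule["src_net"]:
            continue
        return rule["action"]
    return "block"


def demo():
    rules = build_rules({ROUTER_MAC, NAS_MAC})
    return {
        # Same IP at home and at work: only the MAC tells the networks apart.
        "home_nas": decide(rules, NAS_MAC, "10.0.0.20"),
        "work_peer_same_ip": decide(rules, WORK_PEER_MAC, "10.0.0.20"),
        # A port-forwarded (dNAT) Internet packet arrives in a frame whose
        # source MAC is the router's, so the MAC-only rule admits it.
        "internet_via_router": decide(rules, ROUTER_MAC, "203.0.113.7"),
        # Without the router in the zone, that frame falls through to block.
        "internet_router_not_listed": decide(
            build_rules({NAS_MAC}), ROUTER_MAC, "203.0.113.7"),
    }


if __name__ == "__main__":
    for case, action in demo().items():
        print(f"{case:28} {action}")
```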