New computer running W7 x64 RTM. Installed Comodo firewall (v3.12), deactivated Defense+ (only want the firewall). Windows firewall is deactivated.
Everything seems to work, and I get popups for new applications that want to access the net. If I set the policy to “block all mode” it does block all, so the firewall is clearly able to filter the traffic.
However, I also want the ability to block certain host names and/or IPs, so I tried adding a global rule to do that. Problem is that it doesn’t work at all. Just to test, I tried blocking a big newspaper here in Norway (vg.no). I added a blocking rule that said to block all IP traffic (both inbound and outbound) to the host name vg.no, but nothing gets blocked. I can browse the site, and I can ping it from a command prompt. I then tried to block the IP-address to the site, but still the same result. No blocking whatsoever.
I’ve tried to move the blocking up and down in the list, but no difference. I can’t see that I am doing anything wrong, and it annoys me that this doesn’t work. Any insights?
This should work. As proof of concept, create a Global rule that blocks IP Out to Any and place it at the top of the list. This will prevent any further connections.
Whilst this is true, you may find the option of using ‘My Blocked Network Zones’ from the Common tasks in the firewall settings, more convenient.
Adding a global block all rule (like you suggested) works as it should, but as soon as I try to block a host name or a single IP it doesn’t work.
However, adding the same site to “My Blocked Network Zones” does work, so there is something very strange here.
Screenshots attached to show what I tried. For the global rule I added “vg.no” to both the source and the destination tabs, but it really doesn’t matter how I set it. It just refuses to block anything when set as a global rule.
In order to block access to vg.no you need to make a global rule to block outgoing IP traffic to IP address 195.88.55.16.
The reason why I think adding vg.no to host name does not work is that host name assumes a computer’s name. I tried to look up evidence for that in the CIS Help file but cannot find a conclusive answer.
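The point made above, that a packet filter matches on addresses rather than names, can be modelled in a few lines. The following is an added example, not Comodo's code or the thread's own; it is a hypothetical first-match rule evaluator with a pluggable resolver, so a host-name rule only blocks anything once it has been turned into the address list it stands for. The resolver mapping in the usage block is constructed for the demonstration; the address 195.88.55.16 is the one quoted in the reply above.

```python
import ipaddress
import socket
from dataclasses import dataclass
from typing import Callable, List, Optional

# Hypothetical model of an ordered "global rules" list (names are assumptions,
# not Comodo's implementation). A packet filter sees IP headers, not host names.


@dataclass
class Rule:
    action: str                          # "block" or "allow"
    direction: str                       # "in", "out" or "both"
    target: str                          # IP address, CIDR, or host name
    resolved: Optional[List[str]] = None  # addresses the target stands for, once expanded


Resolver = Callable[[str], List[str]]


def is_ip_or_cidr(target: str) -> bool:
    try:
        ipaddress.ip_network(target, strict=False)
        return True
    except ValueError:
        return False


def expand_host_rules(rules: List[Rule], resolver: Resolver) -> List[Rule]:
    """Replace host-name targets with the concrete addresses they resolve to.

    A name that is never resolved leaves the rule with nothing to compare
    against, which is why such a rule silently matches no traffic."""
    expanded = []
    for r in rules:
        addrs = [r.target] if is_ip_or_cidr(r.target) else resolver(r.target)
        expanded.append(Rule(r.action, r.direction, r.target, addrs))
    return expanded


def matches(rule: Rule, dst_ip: str, direction: str) -> bool:
    if rule.direction not in ("both", direction):
        return False
    if not rule.resolved:  # unresolved host name: no address to match
        return False
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in ipaddress.ip_network(t, strict=False) for t in rule.resolved)


def decide(rules: List[Rule], dst_ip: str, direction: str = "out",
           default: str = "allow") -> str:
    """First matching rule wins, so the position of a block rule matters."""
    for rule in rules:
        if matches(rule, dst_ip, direction):
            return rule.action
    return default


def system_resolver(name: str) -> List[str]:
    """Real lookup through the OS resolver; only used when run interactively."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})


if __name__ == "__main__":
    # Constructed resolver table standing in for DNS during the demonstration.
    table = {"vg.no": ["195.88.55.16"]}
    offline = lambda name: table.get(name, [])

    raw = [Rule("block", "both", "vg.no")]
    print("unresolved name rule:", decide(raw, "195.88.55.16"))          # allow
    rules = expand_host_rules(raw, offline)
    print("resolved to address:", decide(rules, "195.88.55.16"))         # block
    print("other destination:  ", decide(rules, "192.0.2.1"))            # allow

    # An allow-any rule placed above the block rule makes the block unreachable.
    shadowed = expand_host_rules(
        [Rule("allow", "out", "0.0.0.0/0"), Rule("block", "both", "vg.no")], offline)
    print("block below allow-any:", decide(shadowed, "195.88.55.16"))    # allow
```

Two things follow from the model: a name-based rule is only as good as the resolution behind it (a site with several addresses needs all of them), and a block rule placed below a broader allow rule never fires, which is worth checking before concluding a rule "doesn't work".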
I was quite sure I had tried blocking that IP with no success the other day, but today it works.
However, it is kinda strange that you cannot block by host name in the global rules, but you can use the same host name to block if you do it from the “My Blocked Network Zones”.
I also discovered that if I create a new network zone and add vg.no to that zone, I can block access by adding a global rule to block that zone.
Anyway, my issues can be worked around, so I’m satisfied.
When testing these things always clean the browser’s cache before reloading the page. It may retrieve the page from cache.
However, it is kinda strange that you cannot block by host name in the global rules, but you can use the same host name to block if you do it from the "My Blocked Network Zones".
It is inconsistent. I have never noticed this before. Learned something new.