Using Win764, D-link router (Hardwired to router) Also a a wireless laptop, but for now, just questions for this set up.
Using the rules below, I control certain applications through the mac address on my virtual tap adapter.I had to make sure IPv6 is disabled.Even with these rules below, if you lose your vpn connection, IPv6 will start in a minute or two and override these rules.I used a reg hack to disable IPv6, and unchecked the adapters in network settings for IPv6.
I also block the most commonly hacked ports.My reasoning for doing this is explained below.When I look in firewall Events ports 135-139 are always getting blocked 445 is another port in question.I would rather have these ports blocked.
Rules: I control certain applications through the mac address.I cannont go online without being connected to my vpn.If my vpn connection is cut off, certain apps will stop immediately. (ie) Firefox, Utorrent ect…
A. Create a network zone, Get the MAC for the TAP-Win adapter
- (XP) Start / Run and type CMD, press enter.
(Win7) Start and type CMD, press enter. - You should see a black box called a DOS box with a blinking cursor.
- Type IPCONFIG /ALL
- Look in the mess of junk for the section that says TAP-Win32.
- You need the part that says Physical Address . . . . . . 00-??-??-??-??-??
- Leave this window open for now.
B. Create network zone, Add in Comodo
- In Comodo, goto Firewall / Advanced / Network Security Policy / My Network Zones
- Add / New Network Zone
- Name it BolehMAC (press apply)
- Select BolehMAC
- Add / New Address
- Choose “A MAC Address” and enter the Physical Address from earlier.
- You should see your new Zone with the New rule.
- Press OK.
C. Make a Pre-Defined Rule
-
Open Firewall / Advanced / Predefined Firewall Policies
-
Click ADD
-
Enter a Name, BolehOnly
-
Add…
Action: Allow
Protocol: IP
Direction: In
Source Address: Any
Destination Address: Zone / BolehMAC
Apply -
Add…
Action: Allow
Protocol: IP
Direction: Out
Source Address: Zone / BolehMAC
Destination Address: Any
Apply -
Add…
Action: Block
Protocol: IP
Direction: In/Out
Source Address: Any
Destination Address: Any
Apply
Apply
Apply -
You should now have 2 green rules and then a Red one.
D: Apply rule to Applications
- Open Firewall / Advanced / Network Security Policy / Application Rules
- Choose the application that should only work with Boleh active (BolehRoute), or add an new one.
- It will open to “Application Network Access Control”
- Here choose the Predefined Policy “BolehOnly”
- If there are other rules already, they will be removed. To keep any existing settings, you’ll have to improvise here.
- Apply
- OK.
Do this to all apps that should only access through the VPN (BolehRoute)
E. Testing…
- In the above example, I made a rule for Google Chrome.
- Disconnect from BolehRoute
- Open Chrome - it is unable to load the home page.
- Enable BolehRoute
- Refresh Chrome - it works.
[attachment deleted by admin]