I have a simple question, but I did not seem to find any satisfying answer from Comodo forums. The question is with regard to the network zones in general and Home zone in specific. Most of the suggestions I find from the forum are to make the Home zone based on the IP address range.
But what's the point of setting for example 192.168.1.1-192.168.1.255 as an IP range for Home and then making application rules based on that, as many of the public networks use the same 192.168.1.x setting anyway? For example, when I would like to allow NetBios ONLY in my Home zone, but when the public wifi also has the same IP range as Home, then there is no point of having the rule at all, as it may fire when being at the public wifi with the same IP range.
I tried to set the Home zone based on the router MAC address, but then nothing seemed to work anymore. My idea was that if I connect to my home network through my own router, and the router has MAC address xyz, then this is a quite unique setting. And some application rules work only in a network which has a gateway with MAC address xyz.
Any ideas, or do I get something completely wrong here? I’ve used COMODO for over ten years now I think, but only recently started to implement manual rules.
Assuming that all devices on the interior of your LAN obtain their IP addresses by DHCP from your router/gateway, all you need to do is log in to your router/gateway and change the device's internal IP address and the DHCP reserved IP address range to one that is in one of the three above named ranges, but not one of the ranges commonly used in public WiFi.
For example, on a Netcomm router, you would go to Network Setup → DHCP Server. This page contains the internal LAN IP address used by the router and the DHCP pool range. The default values here are 192.168.1.1 for the router and the DHCP pool range is 2-254. The only change we need to make is to change the internal IP address of the router to, as an example, 10.012.210.1 and then reboot the router. The router will then DHCP assign addresses starting from 10.012.210.2 and work its way upwards as your devices connect.
If you decide to use this method, I would create a network zone based off your chosen IP address range and then create your rules using the zone. This will allow your device to fully function when outside your home network, without compromising the rules you have created for your home network environment.
Also, if you are going to create Global Rules based on this zone, please remember to move any ALLOW rules above any BLOCK rules in the list.
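
A quick way to sanity-check a candidate home range before building a zone on it, added here as an illustration and not part of the reply above. It assumes the three ranges are the RFC 1918 private blocks and uses a constructed list of common default subnets; the function names are hypothetical. Octets are read as decimal, so an address written with a leading zero such as 10.012.210.1 is treated as 10.12.210.1.

```python
import ipaddress

# RFC 1918 private blocks (assumed to be the "three ranges" the reply refers to).
PRIVATE_BLOCKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample of subnets often left at factory defaults; extend it with
# ranges you actually see on the networks you visit.
COMMON_DEFAULTS = [ipaddress.ip_network(n) for n in
                   ("192.168.0.0/24", "192.168.1.0/24", "192.168.2.0/24",
                    "10.0.0.0/24", "10.0.1.0/24", "172.16.0.0/24")]


def normalize(addr):
    """Parse dotted-quad text, reading each octet as decimal.

    Leading zeros ("10.012.210.1") are stripped rather than passed on,
    because some parsers read "012" as octal 10 and others reject it.
    """
    parts = addr.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr!r}")
    return ipaddress.IPv4Address(".".join(str(int(p, 10)) for p in parts))


def check_home_zone(router_ip, prefix_len=24):
    """Return (network, problems) for the LAN the router address implies."""
    ip = normalize(router_ip)
    net = ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)
    problems = []
    if not any(net.subnet_of(block) for block in PRIVATE_BLOCKS):
        problems.append("not inside a private (RFC 1918) block")
    for common in COMMON_DEFAULTS:
        if net.overlaps(common):
            problems.append(f"overlaps common default {common}")
    return net, problems


if __name__ == "__main__":
    for candidate in ("192.168.1.1", "10.012.210.1", "172.32.5.1"):
        net, problems = check_home_zone(candidate)
        print(candidate, "->", net, problems or "ok")
```

An empty problem list only means the range is private and not in the sample list; a visited network can still use the same subnet, so rules tied to the zone remain address-based.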