How to allow VPN connections only

Hello, this is a short tutorial, mainly based on http://www.p2panonimi.p2pforum.it/wiki/index.php?title=Relakks-Firewall#Configurazione_base_Comodo, for configuring Comodo v2.4 so that your computer is only allowed to connect to the internet through a VPN provider like Relakks. That way, as long as Comodo is running, your “home” IP address won’t be revealed if the VPN suddenly disconnects and applications start to send data using your “home” IP address.
However, if you are running Windows XP I would suggest using Comodo v3, since you can also set up application-specific block rules there and the configuration is much easier than this.

Since we are going to block all traffic that isn’t using the VPN tunnel, you need to connect to the service using the IP address of your VPN provider, because Windows would otherwise need to make a DNS lookup for the hostname. So in the case of Relakks you have to change the dial-in connection, which you can find in the “Windows network-connections” section, from hostname or IP “pptp.relakks.com” to “83.233.182.2”.

Then go to Comodo v2.4 => Security => Network Monitor, add the following rules (in this exact order) and move them to the top. Note: The order in which the rules are stacked is important!

Rule0:
Allow; TCP; Out; Source IP: Any; Destination IP: The IP range of your VPN provider (in case of Relakks that’s: IP range: start: 83.233.168.0 – end: 83.233.183.255); Source Port: Any; Destination Port: A single Port: 1723;

Rule1:
Allow; IP; Out; Source IP: Any; Destination IP: The IP range of your VPN provider; IP Details: IP Protocol: GRE

Rule2:
Block; IP; Out; Source IP: Exclude (NOT) The IP range of your VPN provider; Destination IP: Any; IP Protocol: Any;

Rule3:
Allow; IP; In; Source IP: The IP range of your VPN provider; Destination IP: Any; IP Details: IP Protocol: GRE

Rule4:
Block; IP; In; Source IP: Any; Destination IP: Exclude (NOT) The IP range of your VPN provider; IP Protocol: Any

Place these rules on top of all other rules – in the end your network monitor should look like this:

http://xs323.xs.to/xs323/08013/Comodo_v2_Relakks.png

Note: If you are using any filesharing programs like eMule or BitTorrent, you also have to add some extra rules to make them work properly. Leave rules 0 to 5 on top and place the rules you need for filesharing above rule 10. You can find eMule and BitTorrent tutorials here in the forums.

You should also prevent filesharing programs from using port 1723 TCP connections, since otherwise your real IP address could still be revealed if the VPN connection dies and you are connected to somebody using the same VPN provider as you.
Go to “Application Monitor”, choose your filesharing program and set up these two rules:

Allow; TCP or UDP; In/Out; Destination IP: Any; Destination Port: Exclude (NOT) A Single Port: 1723

Block; TCP; In/Out; Destination IP: Any; Destination Port: A Single Port: 1723
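
The five Network Monitor rules above, modelled as a first-match evaluator to show why their order matters and why the extra port 1723 application rule is needed (an added example, not part of the original tutorial and not Comodo's own code). It assumes Comodo checks the rules top-down and stops at the first match, and that the tunnel adapter's address lies inside the provider range; HOME, TUNNEL, PEER and OTHER_USER are constructed addresses.

```python
from ipaddress import ip_address

# Relakks range and dial-in address as quoted in the tutorial.
VPN_LO, VPN_HI = ip_address("83.233.168.0"), ip_address("83.233.183.255")
SERVER = "83.233.182.2"
# Constructed addresses: physical adapter, tunnel adapter (assumed to lie
# inside the provider range), an internet peer, another Relakks user.
HOME, TUNNEL = "192.168.1.10", "83.233.170.25"
PEER, OTHER_USER = "203.0.113.7", "83.233.171.40"

def match(test, ip):
    inside = VPN_LO <= ip_address(ip) <= VPN_HI
    return test == "any" or (test == "vpn") == inside

# (action, direction, protocol, source test, destination test, destination port)
RULES = [
    ("allow", "out", "tcp", "any", "vpn", 1723),      # Rule0: PPTP control channel
    ("allow", "out", "gre", "any", "vpn", None),      # Rule1: GRE to the provider
    ("block", "out", "any", "not_vpn", "any", None),  # Rule2: source outside VPN range
    ("allow", "in", "gre", "vpn", "any", None),       # Rule3: GRE from the provider
    ("block", "in", "any", "any", "not_vpn", None),   # Rule4: destination outside VPN range
]

def decide(direction, proto, src, dst, dport=None, rules=RULES):
    """First matching (index, action); 'fallthrough' = left to the rules further down."""
    for i, (action, rdir, rproto, src_t, dst_t, rport) in enumerate(rules):
        if rdir != direction or rproto not in ("any", proto) or rport not in (None, dport):
            continue
        if match(src_t, src) and match(dst_t, dst):
            return i, action
    return None, "fallthrough"

def scenarios():
    return {
        "dial PPTP from home IP": decide("out", "tcp", HOME, SERVER, 1723),
        "home IP leak, VPN down": decide("out", "tcp", HOME, PEER, 80),
        "tunnelled traffic": decide("out", "tcp", TUNNEL, PEER, 80),
        "inbound to home IP": decide("in", "tcp", PEER, HOME, 4662),
        # Rule0 also passes a home-IP connection to another Relakks user on
        # port 1723, which the Application Monitor block rule closes.
        "p2p to Relakks user:1723": decide("out", "tcp", HOME, OTHER_USER, 1723),
        # Rule2 moved above Rule0: the VPN can no longer be dialled.
        "Rule2 first, dial PPTP": decide("out", "tcp", HOME, SERVER, 1723, [RULES[2]] + RULES[:2]),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:26} -> {result}")
```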