How to block an application from connecting to the internet.

I want an application to run smoothly over the network but no access to the internet. How do we do this in Comodo?

Welcome to the forums.

You can do that in Firewall/Common Tasks/Define a New Blocked Application.
It’s always a good idea to read “What do these settings do?” in the bottom left corner of the window.



Thanks Jose for the reply. The “What do these settings do?” text gives basic information about a particular feature, but what I really want to achieve, in detail, is this:

I want to prevent an application from connecting to the internet but maintain its connection over the LAN all throughout the LAN.

Okay, I will try these in "Define a new blocked application" and see the results.


A blocked application will be fully blocked; this is not what you are looking for.

What needs to be done is the following.

Define a network zone like “My Local Network(s)” that contains all IP ranges you need the application to have access to.

Once that’s done, you need to open the network policy and look up the application in question.
Create rules like:
Permit IP In/Out, Src Zone “My Local Network” Dst Zone “My Local Network”.
Deny IP In/Out, Src Any, Dst Any.

This will allow the application to access all networks defined in the Zone “My Local Network” and block all other traffic. If you want to see what it blocks, you can also set Logging enabled on the Deny rule.

At zhon
Sorry for having misguided you.

At Ronny
What if you do choose Blocked Application and then go to Network Security Policy and:
Allow__IP__In/Out__Ip Range__etc…


Ronny, you are a genius! I think that's indeed what I'm looking for. I'm gonna go and check that out.

Ronny! It works! Ha! Thanks a bunch, man! You're indeed a Comodo Hero!

Thanks, Good to hear it works like you asked :-TU

Hi Jose,

That should also work, if it’s set before the block rule and you only need access to one IP range.
If you need access to multiple ranges, it’s easier to use a Zone; this will create only one rule on the policy instead of two/three/four etc…

I need to do this but I’m lost, can someone please elaborate on how exactly I specify all Local Network IP ranges for the application?

Hi The_Dude,

Open the GUI, select Firewall → My Network Zones → Add, A New Network Zone, give it a name and press Apply.

Right-click the new name and select “An ip address mask”, fill in the IP address and subnet mask and press Apply. Now repeat this for the remaining IP ranges.

When you are done, you can use this “Zone” in your firewall policy to allow the above-mentioned construction.
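
Added example, not part of the original thread and not Comodo code: a small Python model of the zone-based policy described above, showing why the Permit rule has to sit before the Deny rule. It assumes rules are checked top-down with the first match winning; the zone ranges, sample addresses and all function names are constructed for illustration.

```python
import ipaddress

# Constructed zone, entered as address/subnet-mask pairs like the GUI asks for.
MY_LOCAL_NETWORK = [
    ipaddress.ip_network("192.168.1.0/255.255.255.0"),
    ipaddress.ip_network("10.0.0.0/255.0.0.0"),
]

def in_zone(addr, zone):
    """True if addr is inside any range of the zone; zone=None means 'Any'."""
    if zone is None:
        return True
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in zone)

# Rule layout: (action, source zone, destination zone, logging enabled)
ZONE_POLICY = [
    ("permit", MY_LOCAL_NETWORK, MY_LOCAL_NETWORK, False),
    ("deny", None, None, True),  # logging on the Deny rule shows what is blocked
]
# Same two rules in the wrong order: the catch-all Deny now matches first.
REVERSED_POLICY = list(reversed(ZONE_POLICY))

def evaluate(policy, src, dst):
    """Return (action, logged) for the first rule matching the src/dst pair."""
    for action, src_zone, dst_zone, log in policy:
        if in_zone(src, src_zone) and in_zone(dst, dst_zone):
            return action, log
    return "deny", False  # assumption: unmatched traffic is treated as blocked

def decisions(policy, flows):
    """Actions chosen for each (src, dst) flow, in order."""
    return [evaluate(policy, src, dst)[0] for src, dst in flows]

# Constructed flows from a LAN workstation running the application.
SAMPLE_FLOWS = [
    ("192.168.1.20", "192.168.1.5"),    # host on the same LAN range
    ("192.168.1.20", "10.3.0.9"),       # host in the zone's second range
    ("192.168.1.20", "93.184.216.34"),  # host outside the zone (internet)
]

if __name__ == "__main__":
    for name, policy in (("zone policy", ZONE_POLICY), ("reversed", REVERSED_POLICY)):
        for (src, dst), action in zip(SAMPLE_FLOWS, decisions(policy, SAMPLE_FLOWS)):
            print(f"{name:12} {src} -> {dst}: {action}")
```

Because the zone holds both ranges, one Permit rule covers them; with a per-range approach each range would need its own Allow rule ahead of the block.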