How to Protect Your Wi-Fi LAN

By device, I mean the specific hardware connection that appears in your Network Connections. I suppose you can rule this as Mac Address, but the Device Name that appears in Network Connections would be more familiar to the user.

I know when you create a Trusted Zone, it automatically populates the name of the Zone with the name of the hardware descriptor, but only as a reference to that device’s IP address (which could be identical to another device’s IP address or subnet).

It is that skill that I wish to circumvent, and I am aware those packets would be dropped (the very purpose of a firewall). Spoofing isn’t that difficult, especially from a *nix machine, but I’m also interested in blocking network packets that intend to use my machine as a gateway… unless the IP source is a known and trusted computer, or even a computer whose user has paid me for said gateway access.

When you create a zone, you can give it a more meaningful name than the device name. For example, I have one PC that has 7 connections, and the zone names are aligned with the purpose of the connection - “Internal LAN”, “SAP Farm 4”, “Activesync” etc.

It is that skill that I wish to circumvent, and I am aware those packets would be dropped (the very purpose of a firewall). Spoofing isn't that difficult, especially from a *nix machine, but I'm also interested in blocking network packets that intend to use my machine as a gateway... unless the IP source is a known and trusted computer, or even a computer whose user has paid me for said gateway access.

You might want to look into the “Exclude” option in the rules set up. When using this, you make a BLOCK rule and specify the address/es you want to accept, and all others are then blocked.

If you have people paying you to use your PC as a gateway (mini-ISP sort of thing), then you have a right to maintain a certain degree of control over how they connect to your PC. Maybe think about making them use a static IP range that can be explicitly catered for by a zone rule (voice of experience speaking here ;)).

Cheers,
Ewen :slight_smile:

Aha! You mean the device name the driver presents to you.
Comodo makes “Trusted Zones” based upon the interface of your choosing, but you can’t make rulesets based upon these. I don’t think the TCP/IP protocol sends this kind of information on the wire. If you want to block specific hardware, you have to use MAC addresses.

When I say “Spoof” I mean something other than just replacing your source address on some server. Routers too have this ability and I use it frequently to test connectivity and access-lists configurations. And I don’t call this spoofing :slight_smile:

If you want to narrow down access to your gateway, do like panic said. Allow a limited number of hosts/subnets and drop everything else. Easiest way to control access based upon IP. Same way with MAC.

Hello! Newbie here ;D

Instead of making a new topic about Wi-Fi LAN, it is better to post all my worries here coz it's in the same group.

My problem was connecting my Nintendo DS to my Wireless USB (AP) instead of LAN. At first the signal I was receiving is good, but at the end the signal disappears.

I was bothered cause I cannot go online with my game. I tried to use its option “Allow All” and I was able to connect to Nintendo’s WFC. I wonder what configuration I should set?

I have already added my Wireless USB in the “Network Monitor”. What do I need to do?

I hope someone is willing to help a young boy here. :slight_smile:

Welcome to the forums, Rayster. Please see this tutorial
https://forums.comodo.com/frequently_asked_questions_faq_for_comodo_firewall/tutorials_a_compiled_resource-t6167.0.html;msg45542#msg45542

There is a link there, next to the author’s name, which will link to the original thread it is copied from.

LM

No luck with the tutorials. I followed all the steps and repeated them all over again many times.

The only solution I try is turning it off or Allow All.

Hi Rayster,

For Wii and Nintendo DS you will have to disable Network Monitor while playing. The problem is that they do not use specific ports, and it is impossible to configure the Network Monitor correctly.

P.S. After you have finished playing, turn it on again. :wink:

Wheeew! After all the hard work it totally paid off! It worked right now. (:CLP) Great Work…

OK, all you gurus out there… I have been trying to figure this out and am at the point of uninstalling Comodo. I can connect to my router when I turn Comodo off and stay connected after I turn Comodo back on, but not when Comodo is on?

I need your help. It's simple, it's basic, but I don’t know what I am overlooking.

My router IP is 192.168.1.1, a Linksys 300N running the latest firmware. Starting IP address of 192.168.1.2 with a subnet mask of .248.

Settings on Comodo firewall are zone name “HomeWirelessNetwork” start address 192.168.1.0 to .7. Trusted zone is the same name selected from the drop down box and the ip addresses it gives are correct also using the default Any to any setting.

Can someone please tell me what I am doing wrong?
Thanks,
lev.

laevanay,

You have defined a zone, but have you set that as Trusted (using Security/Tasks) so that it creates two rules at the top of Network Monitor? If these two rules are not present, the zone is not being applied. You should have in position Rule ID 0 this rule: Allow IP Out from Any to Zone where IP Detail is Any. In position Rule ID 1 you should have Allow IP In from Zone to Any where IP Detail is Any.

If those two rules are in place, have you rebooted since you did so? If not, please do.

If it’s still not working, temporarily set CFP Security Level to Allow All for testing purposes only. Try to access your LAN. If it fails, it is not CFP blocking you. In that case it will probably be the residual traces of your previous firewall causing a conflict.

If Allow All enables your LAN connection, then CFP is blocking something somehow. The Logs will hold the clues. Open Activity/Logs, right-click any entry and select “Clear all logs.” Then try to access your LAN (with Security Level returned to Custom), with no other programs running. Once it fails, go back to the logs, and look at the very bottom entry (as this will be the oldest); that is where we will need to start.

LM
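A small model of the check described in the post above, as an added example that is not part of the original thread and is not Comodo's code: it derives the zone range from the router address and mask in laevanay's question, then evaluates packets against the two Trusted Zone rules. The names `zone_from_mask`, `Rule` and `evaluate`, the full mask 255.255.255.248, the top-down first-match order, the catch-all block rule and the block-on-no-match default are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

Zone = Tuple[ipaddress.IPv4Address, ipaddress.IPv4Address]

def zone_from_mask(host: str, mask: str) -> Zone:
    """First and last address of the subnet that contains host."""
    net = ipaddress.ip_network(f"{host}/{mask}", strict=False)
    return net[0], net[-1]

@dataclass
class Rule:
    action: str               # "allow" or "block"
    direction: str            # "in" or "out"
    src: Optional[Zone]       # None means Any
    dst: Optional[Zone]

def in_zone(addr: str, zone: Optional[Zone]) -> bool:
    # The match is on the IP address alone; the zone's display name plays no part.
    return zone is None or zone[0] <= ipaddress.ip_address(addr) <= zone[1]

def evaluate(rules, direction: str, src: str, dst: str):
    """Return (action, rule_id). Assumed model: top-down, first match wins,
    and a packet that matches no rule is blocked."""
    for rule_id, rule in enumerate(rules):
        if (rule.direction == direction and in_zone(src, rule.src)
                and in_zone(dst, rule.dst)):
            return rule.action, rule_id
    return "block", None

# Constructed from the values in the question: router 192.168.1.1, mask ending .248.
ZONE = zone_from_mask("192.168.1.1", "255.255.255.248")
RULES = [
    Rule("allow", "out", None, ZONE),  # Rule ID 0: Allow IP Out from Any to Zone
    Rule("allow", "in", ZONE, None),   # Rule ID 1: Allow IP In from Zone to Any
    Rule("block", "in", None, None),   # assumed catch-all block for other inbound
]

if __name__ == "__main__":
    print("zone:", ZONE[0], "-", ZONE[1])
    for direction, src, dst in [("out", "192.168.1.2", "192.168.1.1"),
                                ("in", "192.168.1.1", "192.168.1.2"),
                                ("in", "192.168.1.9", "192.168.1.2")]:
        print(direction, src, "->", dst, evaluate(RULES, direction, src, dst))
```

Evaluating against `RULES[2:]` shows the case LM asks about: with the two zone rules missing, traffic to the router matches nothing and is blocked in this model.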

Am I glad to have found this forum!

I have a router and two laptops (the 2 laptops don’t have to talk to each other; in fact I’d rather they didn’t). My router has the IP 192.168.0.49 (I thought a random IP would somehow make it more secure?), so what should my IP subnet be if I only need two IP addresses? (currently it’s set to 255.255.255.0) Should I leave “Use router as DHCP server” checked? (currently: checked with starting IP 192.168.0.52 and ending 192.168.0.55).

On my Comodo firewall I’ve set my networked zones to the router’s IP address 192.168.0.49; is this correct? I see you can set it to a MAC address as well; does it make any difference in terms of security? Is one more secure than the other?

Thanks for your help!