In firewall Rules Add Ability To Specify Network Interface [M1033]

1. What version of CIS, or Comodo Firewall, are you currently using:
7.0.313494.4115

2. What actually happened or you saw:
In new rule window I can set IP address and packet direction, but I can not set network interface.

3. What you wanted to happen or see:
In rule the opportunity to select interface name in separate box near traffic direction box.

4. Why you think it is desirable:
If the network interface uses dynamic IP, then the host IP is not known and the network interface is not known by the host IP. Thus it is impossible to separate packets from difference interfaces.

As far as I know, some attacks use the substitution of the addresses of the sender and recipient addresses, example ip recipient to 127.0.0.1 or 192.168.0.8. In local network this is possible.

It is impossible to separate by IP, which interface received this package. Loopback or ethernet? Or virtual interface by virtual machine? And allow the passage of unwanted package.

5. Any other information:
Linux iptables allows you to specify an IP address and interface at the same time in one rule.
Also, a screenshot of what this may look like is attached.

A possible workaround is using MAC addresses. However, even with that, if an attack is made from the local network, it may still be allowed.
This can be used simultaneously broadcast MAC FF:FF:FF:FF:FF:FF, IP broadcasts 224.0.0.* or fake IP 127.0.0.1 and the like. Also, be aware that the computer may have several network interfaces, for example, loopback, LAN, VPN and virtual machines interfaces, .

In addition, the filter for the loopback interface, if I am understanding correctly, does not use the MAC addresses. However, for other firewalls (like iptables and VipNet Coordinator) the loopback interface feature allows the possibility of automatically discarding packets from the same address as your network card.
Try to deny all packets on the 127.0.0.1 address, 224.0.0.* 255.255.255.255 with any interfaces except the loopback, given that in the incoming packet contain broadcast MAC. With Comodo it is currently impossible to do this.

[attachment deleted by admin]

Can you show me an example of what this may look like?

In VipNet Coordinator network interface shown in bottom of address window (in first sceenshot)

In COMODO this could be as shown second sreenshot.

[attachment deleted by admin]

Thank you for submitting this Wish Request. I have now added a poll and moved this to the WAITING AREA.

Please be sure to vote for your own wish, and for any other wishes you also support. It is also worthwhile to vote against wishes you think would be a waste of resources, as implementing those may slow down the wishes you would really like to see added.

Thanks again.

I’d just like to say that a possible workaround is using MAC addresses, that’s what I’m personally using to differentiate different NICs.

How to be with the broadcast MAC packages, by type FF:FF:FF:FF:FF:FF?

If the attack is made from the local network, it is quite possible.

In addition, the loopback interface, no MAC addresses, if I understand correctly. However, the loopback interface (local interface) feature in settings like iptables and VipNet Coordinator.

In addition, set MAC address filtering rule.
For all incoming on 127.0.0.1 255.255.255.255, 224.0.0.32 etc. to the address of your network card is to discard packets.

In COMODO this is impossible.

I would like to thank everyone who has voted on this particular enhancement. As this wish has accumulated the necessary 15 points I have added this to the tracker for consideration by the devs. However, do note that even though this wish will be considered by the devs, it does not necessarily mean that it will be implemented. I will update this topic when I have any additional information.

Thank you.