IP Mask

I’d appreciate any help regarding using IP masks in CIS FW rules. The most urgent problem I have is that I need to define a network zone correctly. I’ve gone through a few articles but I still don’t get it.

I would like to define that all computers in my network zone have IP 10.*.*.*. I already tried 10.0.0.0/255.0.0.0 and 10.255.255.255/255.0.0.0 and I used it for my FTP server rules, but the FW keeps giving me pop-ups.

This mask 10.0.0.0/255.0.0.0 correctly identifies the zone to be 10.*.*.*

So there must be some other problem with the implementation of your rules.

Are your Allow rules above any general Block rules? The ordering of rules matters.

Are the rules themselves logical?

What are the pop ups specifically asking for?

Later

Thank you for fast reply, BF. There wouldn’t be a problem if I could import my firewall rules from 3.8 https://forums.comodo.com/install_setup_configuration_help/import_only_firewall_rules_from_38_to_clean_39-t39424.0.html

I think I’ve found the cause of the problem. In one of my rules I’ve mixed up source and destination port. Basically I use two rules for my FTP exe which allow all IPs from my network zone (LAN) to access my FTP on the passive port range and on port 21. The same two rules are also in Global Rules. Now I’ve corrected the rules and I’m waiting for someone to access my FTP to test them.

You’re welcome,

Sorry about the import thing, progress.

Hope that rule change got you sorted.

Can we resolve this one?

Later

10.0.0.0/255.0.0.0 is 10.*.*.* but you could drop three more combinations which may be useful for others :wink: For example, the meaning of the following masks I tried to use in the past:

10.255.255.255/255.0.0.0
10.2.10.220/255.0.0.0 (my specific IP followed by a mask)

and a few others, but useful ones, unlike the two above :slight_smile:

But thank you anyway for your fast reply then!

How about

255.0.0.0 mask means X.*.*.*
255.255.0.0 mask means X.X.*.*
255.255.255.0 mask means X.X.X.*
255.255.255.255 mask means X.X.X.X or a single IP

:wink:

Like that?

Later

So what’s the difference between
10.0.0.0/255.0.0.0
and
10.2.10.220/255.0.0.0 or 10.255.255.255/255.0.0.0? If you’ve lost your patience with me, feel free to close the thread :wink:

I hope you don’t mind if I drop this line in the dedicated topic, where I asked the question.

Because they use the same mask and start with the same value in the first octet.

The mask 255.0.0.0 says that the first octet value has to match exactly and the remaining octet values can be anything within the range 0-255.

So the effective network range is the same for all the examples; the end result is the same network.

Am I making sense?

later
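As an added worked example that is not part of this thread, the following Python shows what a zone entry written as address/mask actually selects, which is the point made above about 10.0.0.0/255.0.0.0, 10.2.10.220/255.0.0.0 and 10.255.255.255/255.0.0.0 all being the same zone, and it also covers the X.*.*.* shorthand from the earlier reply. It additionally shows why an address such as 127.0.0.1 falls outside a 10.0.0.0/255.255.255.0 zone. The function names, the X.*.*.* rendering and the sample addresses are this example's own assumptions; it does not reproduce Comodo's internal matching code.

```python
"""Worked example (added here, not from the forum thread): how a firewall zone
written as address/mask is matched against a packet's IP address.

Only the bits where the mask is 1 are compared; host bits in the zone's
address are ignored, which is why 10.0.0.0/255.0.0.0, 10.2.10.220/255.0.0.0
and 10.255.255.255/255.0.0.0 all describe the same 10.*.*.* zone.
"""
import ipaddress

ALL_ONES = 0xFFFFFFFF


def dotted_to_int(dotted: str) -> int:
    """Parse a dotted-quad string into a 32-bit integer, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def int_to_dotted(value: int) -> str:
    """Inverse of dotted_to_int."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_int(mask: str) -> int:
    """Parse a netmask and insist on contiguous ones (255.0.255.0 is not a valid mask)."""
    m = dotted_to_int(mask)
    inverted = ~m & ALL_ONES
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous netmask: {mask!r}")
    return m


def zone_network(address: str, mask: str) -> str:
    """The network a zone entry really selects: address AND mask, host bits cleared."""
    network = dotted_to_int(address) & mask_to_int(mask)
    return f"{int_to_dotted(network)}/{mask}"


def in_zone(ip: str, address: str, mask: str) -> bool:
    """True if `ip` matches the zone on every bit the mask marks as significant."""
    m = mask_to_int(mask)
    return (dotted_to_int(ip) & m) == (dotted_to_int(address) & m)


def mask_pattern(mask: str) -> str:
    """Render an octet-aligned mask in the X.X.*.* notation used in the thread."""
    m = mask_to_int(mask)
    symbols = []
    for shift in (24, 16, 8, 0):
        octet = (m >> shift) & 0xFF
        if octet == 255:
            symbols.append("X")
        elif octet == 0:
            symbols.append("*")
        else:
            raise ValueError(f"mask {mask!r} does not fall on an octet boundary")
    return ".".join(symbols)


def prefix_length(mask: str) -> int:
    """Equivalent CIDR prefix length, e.g. 255.255.255.0 -> 24."""
    return bin(mask_to_int(mask)).count("1")


if __name__ == "__main__":
    # The three spellings from the thread collapse to one network.
    for addr in ("10.0.0.0", "10.2.10.220", "10.255.255.255"):
        print(f"{addr}/255.0.0.0 -> {zone_network(addr, '255.0.0.0')} "
              f"({mask_pattern('255.0.0.0')}, /{prefix_length('255.0.0.0')})")

    # Cross-check against the standard library, which gives the same answer.
    print(ipaddress.IPv4Network(("10.2.10.220", "255.0.0.0"), strict=False))

    # Constructed sample: the later poster's zone. LAN hosts match, loopback does
    # not, so alerts for 127.x.x.x still appear even with the zone rule in place.
    zone = ("10.0.0.0", "255.255.255.0")
    for ip in ("10.0.0.214", "10.0.1.7", "127.0.0.1"):
        print(f"{ip} in {zone[0]}/{zone[1]} -> {in_zone(ip, *zone)}")
```

The contiguity check in mask_to_int matters in practice: a firewall that silently accepts a mask like 255.0.255.0 would match addresses the administrator never intended, so rejecting it at input time is the safer behaviour.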

Perfect sense! Thank you again! No more questions for now :slight_smile:

Way cool :slight_smile:

Later

I am struggling with this too:

My network range is 10.0.0.1 to 10.0.0.255 (I only use the last octet for my fixed ip addresses)
In Comodo I have a network zone defined as 10.0.0.0/255.255.255.0 and the two standard rules that Comodo makes when it detects a network are in the global rules list (at the top!)

Still I am getting pop-ups, for example for svchost, dns, System, on for example 10.0.0.214.

I wonder why this is; all the internal traffic as defined by the network zone should be allowed, right?

Hope you can help me understand because this is driving me nuts for a long time now.

Have you used the wizard to apply that 10.0.0.0/255.255.255.0 is a trusted zone?

The same rules for the trusted zone should appear for Windows system under Application Rules, as well as in Global Rules.

Is the Firewall in Safe Mode?

Do you mean by the Wizard the auto-detected network when Comodo is first installed? Then the answer is yes, but I manually changed the values to 10.0.0.0/255.255.255.0 afterwards.

The firewall is in Safe Mode at the moment because at least the allowed connections are remembered. But I would like to have it in Custom Policy Mode and not be bothered with internal traffic, but be warned when other traffic is going on.

The Global Rules are NOT also in the Application Rules tab.

So you have the Zone defined in My Network Zones.

Run the Stealth Ports Wizard.

And choose the first option, Define a new trusted network.
On the next page choose the first option, I would like to trust an existing My Network Zone, and in the drop-down menu select the zone.
Then Finish.

The appropriate rules should be created.

Ok, I removed all the Application and Global rules and ran the wizard. Now there are two app rules called System. But again I get an alert from svchost, lsass from an internal computer.

I also tried something else:

I have added a Application Rule with the following specs:

Action: Allow
Protocol: IP
Direction: Zone (my trusted zone 10.0.0.0/255.255.255.0)

Source and Destination: (my trusted zone 10.0.0.0/255.255.255.0)
IP Protocol: Any

This works and it is quiet on the pop-ups, except for 127.0.0.1 and 127.0.0.0 alerts.

Is this a safe setting (assuming that all the computers in my own network are trusted)?

Thanks for your time!

Yes those settings are fine.

Just select Allow and Remember for the few pop-ups from apps that need to access the loopback zone (127.x.x.x).

You should be all right from there on.

Later