I’d appreciate any help regarding using IP masks in CIS FW rules. The most urgent problem I have is I need to define a network zone correctly. I’ve gone through a few articles but I still don’t get it.
I would like to define that all computers in my network zone have IP 10.*.*.*. I already tried 10.0.0.0/255.0.0.0 and 10.255.255.255/255.0.0.0 and I used it for my FTP server rules, but the FW keeps giving me pop-ups.
I think I’ve found the cause of the problem. In one of my rules I’ve mixed up source and destination port. Basically I use two rules for my FTP exe which allow all IPs from my network zone (LAN) to access my FTP on the passive port range and on port 21. The same two rules are also in Global Rules. Now I corrected the rules and I’m waiting for someone to access my FTP to test them.
10.0.0.0/255.0.0.0 is 10.*.*.*, but you could drop in three more combinations which may be useful for others. For example, the meaning of the following masks I tried to use in the past:
10.255.255.255/255.0.0.0
10.2.10.220/255.0.0.0 (my specific IP followed by a mask)
and a few others that are useful, unlike the two above.
So what’s the difference between
10.0.0.0/255.0.0.0
and
10.2.10.220/255.0.0.0 or 10.255.255.255/255.0.0.0? If you’ve lost your patience towards me, feel free to close the thread.
Because they use the same mask and start with the same value in the first octet.
The mask 255.0.0.0 says that the first octet value has to match exactly and the remaining octets’ values can be any value within the restrictions of 0-255.
So the effective network range is the same within all the examples; the end result is the same network.
My network range is 10.0.0.1 to 10.0.0.255 (I only use the last octet for my fixed ip addresses)
In Comodo I have a network zone defined as 10.0.0.0/255.255.255.0 and the two standard rules that Comodo makes when it detects a network are in the global rules list (at the top!)
Still I am getting pop-ups, for example for svchost, dns, System on 10.0.0.214.
I wonder why this is; all the internal traffic as defined by the network zone should be allowed, right?
Hope you can help me understand because this is driving me nuts for a long time now.
Do you mean by the Wizard the auto-detected network when Comodo is first installed? Then the answer is yes, but I manually changed the values to 10.0.0.0/255.255.255.0 afterwards.
The firewall is in Safe mode at the moment because at least the allowed connections are remembered. But I would like to have it in Custom Policy Mode and not be bothered with internal traffic, but be warned when other traffic is going on.
The Global Rules are NOT also in the Application Rules tab.
And choose the first option, “Define a new trusted network”.
On the next page choose the first option,
“I would like to trust an existing My Network Zone”, and in the drop-down menu select the zone.
And Finish.
Ok, I removed all the Application and Global rules and ran the wizard. Now there are two app rules called System. But again I get an alert from svchost, lsass from an internal computer.
I also tried something else:
I have added a Application Rule with the following specs:
Action: Allow
Protocol: IP
Direction: Zone (my trusted zone 10.0.0.0/255.255.255.0)
Source and Destination: (my trusted zone 10.0.0.0/255.255.255.0)
IP Protocol: Any
This works and it is quiet on the pop-ups, except for 127.0.0.1 and 127.0.0.0 alerts.
Is this a safe setting (assuming that all the computers in my own network are trusted)?
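To make the two mask questions in this thread concrete (why 10.0.0.0, 10.2.10.220 and 10.255.255.255 with mask 255.0.0.0 all name the same network, and which peers a 10.0.0.0/255.255.255.0 zone actually covers), here is an added Python example. It is not code from the thread or from Comodo; the function names and the list of sample peer addresses are my own constructions, and it only reproduces the host/mask arithmetic a firewall zone entry implies.

```python
import ipaddress

def network_for(host, mask):
    """The network a 'host/mask' zone entry denotes.

    The mask decides which bits must match; whatever sits in the host
    bits of the entered address is discarded, so 10.0.0.0, 10.2.10.220
    and 10.255.255.255 with mask 255.0.0.0 all collapse to 10.0.0.0/8.
    strict=False is what lets a non-zero host part be passed in.
    """
    return ipaddress.ip_network(f"{host}/{mask}", strict=False)

def manual_network(host, mask):
    """The same computation done by hand, returned as (first, last):
    first = host AND mask, last = first OR NOT mask."""
    h = int(ipaddress.IPv4Address(host))
    m = int(ipaddress.IPv4Address(mask))
    first = h & m
    last = first | (~m & 0xFFFFFFFF)
    return str(ipaddress.IPv4Address(first)), str(ipaddress.IPv4Address(last))

def same_zone(entry_a, entry_b):
    """True if two (host, mask) entries denote the same network."""
    return network_for(*entry_a) == network_for(*entry_b)

def in_zone(addr, host, mask):
    """Would a peer address fall inside the zone defined by host/mask?"""
    return ipaddress.ip_address(addr) in network_for(host, mask)

def classify_peers(addrs, host, mask):
    """Split peer addresses into those a zone rule covers and those it
    does not; the latter are the ones that will still raise alerts."""
    covered = [a for a in addrs if in_zone(a, host, mask)]
    uncovered = [a for a in addrs if not in_zone(a, host, mask)]
    return covered, uncovered

if __name__ == "__main__":
    # The three spellings from the first part of the thread.
    for entry in [("10.0.0.0", "255.0.0.0"),
                  ("10.2.10.220", "255.0.0.0"),
                  ("10.255.255.255", "255.0.0.0")]:
        print(f"{entry[0]}/{entry[1]} -> {network_for(*entry)} "
              f"range {manual_network(*entry)}")
    # Constructed sample peers based on the alerts in the second part.
    peers = ["10.0.0.214", "127.0.0.1", "127.0.0.0", "10.2.10.220"]
    print(classify_peers(peers, "10.0.0.0", "255.255.255.0"))
```

Run as a script it prints 10.0.0.0/8 for all three /255.0.0.0 entries, and for the 10.0.0.0/255.255.255.0 zone it lists 10.0.0.214 as covered while 127.0.0.1, 127.0.0.0 and 10.2.10.220 are not. That is the reason a LAN-only zone rule leaves loopback alerts in place: 127.0.0.0/8 is a separate network, and a rule scoped to the LAN zone says nothing about it.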