Hi all comodoers… (L)
I need help to create rules for filtering MAC address and IP in my LAN connection…
So the filter work it’s mean IP who have the right MAC address could access my computer…
I’ve tried to create the rules before but it didn’t work…
Could anyone help me ?
Sorry for my poor english… (:SHY)
Does anypne know how to create the rules ? help me plzz… (:SAD)
Hi resshin - you can filter by either IP address/range or by MAC. You can add addresses or ranges of addresses to a network Zone, but you can’t restrict the Zone by writing a MAC and adding it to the Zone. That would only give you a Zone with the permitted IP address and a permitted MAC and either would fit the Zone. You can just write a rule based on a Zone consisting of just the MAC that you want to permit. I am not sure that the MAC information you want will be included in the IP header details. I believe that the version 7 IP does include that info, but I don’t know if it is a universal standard. You can try writing a rule based on the use of a single MAC (or several, if you define all the MACs by using Add repeatedly to create a My Network Zone with several MACs in it). If you only have one MAC that you want to allow to connect, you can just add that to the application rule for the application that you want to use to make the connection.
Click Firewall>Advanced>Network Security Policy. On that page, locate and select the application that you will use for communication. Click “Edit”. If the “Use a Predefined Policy” button is selected, click on the “Use a Custom Policy” button and then click “Copy From” and choose Predefined Security Policies and select the one that was used in the “Use a Predefined Policy” drop-down above. This will duplicate the policy that was formerly applied, but you can now add to it. Click the Add button at the bottom left. Select Allow;IP;In;(description to identify the connection);Source Address (insert your remote computer’s MAC); Target Address (any); IP details (any). This rule defines the source of permitted inbound connections as being the remote MAC. Click Apply. Then click Add and select Allow;IP;Out;(Description);Source Address (insert your machine’s MAC);Target Address (insert the remote machine’s MAC); IP details (any).
This may not work if the IP header does not have the necessary MAC information, and I think that that depends on the software used.
To add to the question. Is it more secure to use MAC or just specify an IP address?
Meaning: Is it better to specify an MAC to allow access to the network or just specify an IP address?
Either one works about the same. You will only know the MAC for your local machines, and if you have a home LAN, you would do well to use the IP addresses in case your software needs to connect to your local broadcast address (x.x.x.255). If you have a single computer connecting directly to the net, then MAC’s are one way of identifying your machine unambiguously. You should also use the “Block all incoming…” option on the Stealth ports wizard if you have a single computer.