I installed Comodo Firewall Pro 2.4.16.174 on my Windows XP Home version machine. I am not able to understand why the Network Rules didn’t work as expected. I don’t know whether it’s a bug in CPF or I made some mistake.
Here is the summary of rules I created:
ID 0: I created an “Allow” rule to communicate with DNS server on port 53. (it works as expected)
ID 1: Created an “Allow” rule to communicate with 192.92.253.137 (comodo.com). (it works as expected)
ID 2: Created a “Block” rule to not communicate with yahoo.com
(While adding this rule I specified in “Destination IP” tab, Host Name as yahoo.com, my intention is to stop all traffic with yahoo.com, since yahoo.com has multiple IPs associated we can’t stop visiting yahoo.com based on their many IPs)
ID 3: All other TCP/UDP In/Out traffic is allowed
I expect that my machine should be able to view all sites along with comodo.com except yahoo.com
I am able to resolve DNS queries, able to visit comodo.com, but not able to visit any other site. Since I created a rule (ID 2) to BLOCK yahoo.com, CPF takes Yahoo.com’s IP as a range and blocks a lot of other sites also.
My machine’s Network Control Rules screen shot is attached.
Unfortunately, with this set of rules you’ve made your machine vulnerable to any tcp/udp inbound attack. You should restore the default rules. The last rule should always be Block IP in/out.
You can then add the rule to block yahoo if you want to, and put it above any other rule. You don’t have to make additional rules to allow access to any web site, since it’s taken care of with the default rules (allow TCP/UDP outbound). You can only leave the rule you’ve made for your DNS server if you’re having some problems.
Thanks for your reply but it didn’t solve my problem. I want to block yahoo.com but when I block it, CPF also blocks all other sites, as I said (I believe so) CPF entertains the yahoo’s IP as a ‘range of IP’.
As you can see in the screen shot attached in original post, it allows visiting comodo.com as its rule appears above yahoo’s block rule.
In short, could you suggest how to block visiting yahoo.com via CPF control rules?
First you NEED TO PUT BLOCK on the last ( ID 8 ) rule!!!
You are in danger!
You don’t need that allow Comodo rule, since all out is allowed.
Now, you can make your Yahoo rule.
Go to Network monitor (security/network monitor).
Right click on your ID 0 rule and add/add before.
Do these settings.
Action : Block
Protocol : IP
Direction : Out
Source IP : Any
Destination IP : Host Name : www.yahoo.com
IP Details : Any
Thanks AOwL & Bubu74 for your valuable suggestion and time.
I restored the default ‘Network Control Rules’ and added the new rule at top to block the “www.yahoo.com” and it worked. I was able to visit all sites except www.yahoo.com as required. But I am still able to visit all other yahoo sites that have names like xxxx.yahoo.com (mail.yahoo.com, messenger.yahoo.com etc).
Therefore, in my settings earlier, I used (in Destination IP tab - hostname) “yahoo.com” without www. And I found that it blocked a lot of sites other than yahoo also.
I have attached the screen shot showing my present Network Control Rules. It shows the yahoo.com and a range of IPs taken automatically.
Have any idea how to block the complete yahoo.com?
I think there are programs out there that don’t do anything else than block sites, so you can try to find one that seems good.
Another user may have some suggestions.
Ok, you seem right, I need to look for some other solution besides Comodo Firewall for blocking sites. It’s not a wise solution to manually put rules to block each subdomain like xxx.yahoo.com
Since Comodo provides IP based blocking it should also provide some domain based blocking, I hope they provide this feature in their coming/future versions.
I will put resolved on this thread and lock it, since you now got an answer how to block sites with network monitor.
Feel free to start a new thread if you got any more questions.
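The rule-order and host-name behaviour discussed in this thread, as an added example that is not part of the original posts and is not Comodo's code. It is a simplified first-match model with constructed addresses from the documentation ranges; the names `rule`, `evaluate`, `report` and the `DNS` table are assumptions made for illustration.

```python
import ipaddress

# Constructed name-to-address table (documentation ranges) standing in for DNS.
DNS = {"www.yahoo.com": "203.0.113.10", "mail.yahoo.com": "203.0.113.77",
       "comodo.com": "198.51.100.5"}

def rule(action, direction, remote="any"):
    """remote is 'any', a host name (resolved once to one address) or a CIDR range."""
    if remote != "any":
        remote = ipaddress.ip_network(DNS.get(remote, remote))
    return {"action": action, "direction": direction, "remote": remote}

def evaluate(rules, direction, remote_ip):
    """Walk the rules top-down; the first matching rule decides."""
    ip = ipaddress.ip_address(remote_ip)
    for r in rules:
        if r["direction"] not in (direction, "in/out"):
            continue
        if r["remote"] == "any" or ip in r["remote"]:
            return r["action"]
    return "block"  # assumption of this model: nothing matched

# Rule set ending in "allow in/out", like the one in the first post.
ALLOW_ALL_LAST = [rule("block", "out", "www.yahoo.com"),
                  rule("allow", "in/out")]
# Layout recommended in the replies: block rule on top, "Block IP in/out" last.
BLOCK_LAST = [rule("block", "out", "www.yahoo.com"),
              rule("allow", "out"),
              rule("block", "in/out")]
# Same layout, but the block rule covers a whole address range.
RANGE_RULE = [rule("block", "out", "203.0.113.0/24"),
              rule("allow", "out"),
              rule("block", "in/out")]

def report():
    """Verdicts for the cases raised in the thread."""
    return {
        "inbound, allow-all last": evaluate(ALLOW_ALL_LAST, "in", "192.0.2.99"),
        "inbound, block last": evaluate(BLOCK_LAST, "in", "192.0.2.99"),
        "www.yahoo.com": evaluate(BLOCK_LAST, "out", DNS["www.yahoo.com"]),
        "mail.yahoo.com": evaluate(BLOCK_LAST, "out", DNS["mail.yahoo.com"]),
        "comodo.com": evaluate(BLOCK_LAST, "out", DNS["comodo.com"]),
        # An unrelated (constructed) site that happens to sit in the blocked range.
        "unrelated site in range": evaluate(RANGE_RULE, "out", "203.0.113.200"),
    }

if __name__ == "__main__":
    for case, verdict in report().items():
        print(f"{case:28} {verdict}")
```

In this model a host-name rule only covers the address that name resolved to, so a sibling name on another address passes, while a range rule also blocks unrelated hosts inside the range.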