Network control rules and dynamic DNS

Hello all,

I have created a network rule that defines as a source a Host Name. The host name is actually a Dynamic dns host and the IP changes every day (TTL=0). When I first added the rule CPF translated the dns name to the corresponding IP and stored the rule.

The problem is that the IP changes every day, CPF does not refresh the dynamic dns entry and it apparently blocks the new IP’s requests . Is there a way to periodically force an update ? The only way I found to overcome this was to recreate the rule, but this of course is not a solution. If the Dynamic Dns is not automatically refreshed then there is no reason to have a host entry in the network rule configuration.

Thanx

Welcome to the forums, jsrasda!

While you’re online, I want to point you to a link that may provide some information to help you resolve this issue. Hopefully… :wink:

https://forums.comodo.com/index.php/topic,3676.0.html It’s two pages of posts discussing a similar issue. There’s some good info there; hopefully that will help you.

LM

Thanx LM for your answer.
Unfortunately after I read the topic there’s no actual solution to this problem.

Anyone from the product team care to respond ?

Thanx

I’m sorry that did not provide the necessary information.

Does the dynamic dns host have an IP range that you can put in your rule, so that anything in that range is allowed? Surely it stays within a given range?

LM

Unfortunately not

ugh. :-\

Well, if static IP is out of the question, IP range is out of the question…?

If you have not already done so, please file a ticket with Support. http://support.comodo.com/

It’s free, and they make it a point to respond within 24 hours. They may have a solution, or workaround for you (besides remaking the rule).

Be sure to post their solution response here, for others’ benefit.

LM

The problem is that the IP changes every day...

So you can’t set the router to give you a static IP yourself?

It would be nice if you could say a little more what you are trying to accomplish, and why.
It will be easier to help you then.

Unfortunately where I live, most of the ADSL providers charge an extra 10-15 EUR per month for static IPs. So every day they reset the router’s IP. I need to create a rule to give access to a friend of mine, but every day his IP changes …

Thanx again

Why couldn’t you gradually build the range. Start out the first day using his current address then the next day make that address either the beginning or ending IP of the range and keep expanding the range depending on their IP that day until you get the full range.

Another thing might be to call the ISP and find out what address range he is in.

Just my 3 cents(inflation).

jasper

Well if I do this (expand the IP range) then someone else could potentially access my pc except my friend…

How were you accomplishing this prior to installing CPF?

Since the IPs change every day on both ends, how would you normally define the network, or do a VPN, or however it is you’ve been accomplishing it?

LM

You are absolutly right if you do not require a password to get to the data.

jasper

I’m also a bit curious on how you did solve this before?

I’m still trying to solve this problem … This is why I’m looking for a firewall that actually uses the host name from DNS and not just translating the host name to IP at the time of the rule creation. Other firewalls also have the same problem …

So, it looks like there is no solution to this. Does anyone know if there is a published comodo API for updating the rules programatically ?

Thanx again

How did you solve this before?

AOwL, I didn’t solve this before … This is why I moved to Comodo in the hope that network rules work properly with host names :slight_smile:

So…

Have you used other firewalls prior to CPF, with the same/similar results?

Even without any firewall in place, it would still be a manual process, rather than automatic, as the IPs are changing… You would still have to find out the IP addresses before being able to set up the connection…

Prior to you making a post here, how did you deal with this issue? I realize that you did not have a solution, what I’m interested in learning is how you addressed it/what was your “solution”?

It’s a bit of a conundrum, and your answer may help me think of something.

TNX,

LM

Yes, I’ve also used other SW firewalls with the same results. Zonealarm’s behavior for example is exactly the same. In HW based firewalls you can only use IPs to define the rules.

So what I usually do is that I manually update the rules every morning…

What I’m wondering is if there is an API I could use to automate this task through a script or something like that.

Are you currently connected from that computer?

I’m not aware of an API/script that would automate it; however, there are some resident geniuses that might have a little something up their sleeve…

LM

Yes I am.

Where can I find those geniuses then ? (S)