problem with blocking other computers

hello!
first of all, i’ve been using comodo firewall for quite a while now and i really like it!
but i’m currently struggling with the following problem:

i have to set up our network in our little company:

we have 4 computers…1 server and 3 “normal” pcs (clients). all of them are using the internet via a netgear wlan router. this internet connection is shared by all the other people living in this house, where the company’s office is. so i would like to secure those 4 pcs, so that they can access each other but can’t be accessed by other pcs.
so basically i would like to define the following rules on each pc:

-allow traffic from our 3 pcs
-block all other traffic coming from other pcs in the house.

i tried all day long and read parts of the helptext, but it won’t work…
first i defined a network zone named local network#1 with the 3 pcs’ hostnames (ip addresses are assigned dynamically via dhcp). then i defined the following global rule:

block tcp or udp, in or out and exclude the zone “local network#1”.

to me it sounds good :), but it doesn’t work…the funny thing is, sometimes i can access the other pcs, then only one of them, and it changes. when i tried a pc not in the “local network#1” it was possible to access the server…worst case :slight_smile:

thanks for your help, i would really appreciate some advice or a howto :slight_smile:

enjoy your sunday!
cheers, stephan

For some reason, there generally is no way to make it work from a global rule, especially if it has an excluding mask.

It should work if you write these rules in the firewall network settings, but you need to write them for every allowed or blocked application unless you want to totally block one computer from another (then the blocking rule is “all applications” for the said computer ip, on top of all other rules).
Specifying traffic from other computers does not take that long, since blocking system and svchost, ports 135-139 for the concerned zone should be enough.

Note that, under 2000, xp and after, you don’t need a firewall to do that: disabling the network shares and the ping is enough; or alternatively, if you put your 2 groups of computers in 2 different windows workgroups, your computers won’t even be able to see each other anymore.

thx for your help! my problem is now…how can i generally block all pcs in the network except our 3 pcs? because i don’t know how many computers will be using this network and i don’t know their ip addresses, because the network is using dhcp. so all i know is the hostnames of our pcs.

thanks again!
cheers, stephan

G’day,

In a case like this where you have an unknown (the number of PCs that could possibly attach to the network), I would recommend introducing some known values - static IP addresses.

If your router has an address like 192.168.1.1, manually assign 192.168.1.2, 192.168.1.3 and 192.168.1.4 to the three PCs that you want to ALLOW. Then, adjust the DHCP allocation pool on the router so that its allocation range starts from 192.168.1.5.

This sets up a clear division between known and unknown devices, but it’s not ironclad, as an unknown device could set up a static address in your allow range (192.168.1.2 - 192.168.1.4) and sneak on when one of your three allowed PCs is offline.

To get around this, install CIS on the server, set the IP addresses of your three known PCs in a zone and then make this zone trusted. Then, create a BLOCK rule but select the EXCLUDE option and nominate the zone that you created with the trusted PCs. This will BLOCK all IP addresses except those in the nominated zone.

The key is to introduce a non-volatile element on the trusted PCs that can be consistently referenced.

If you want to go a step further, get the MAC address of the network adapters in each of the trusted PCs and use the MAC address in place of the IP address in the zone.

Hope this helps,
Ewen :slight_smile:

P.S. MAC addresses are not bulletproof either, but it’s a step up from just IP address filtering.
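Added example, not part of Ewen’s post and not Comodo configuration: the same “block everything except the trusted zone” design, expressed for the built-in Windows Defender Firewall with its PowerShell cmdlets. It assumes the addressing plan from the post (router 192.168.1.1, the three trusted PCs on 192.168.1.2 to 192.168.1.4, DHCP pool starting at .5), a made-up rule group name, and a Windows version that ships the NetSecurity module (Windows 8 / Server 2012 or later; the 2000/XP machines mentioned earlier in the thread do not have these cmdlets). Run it in an elevated PowerShell on each of the four machines.

```powershell
# Assumed values from the thread's addressing plan (not real infrastructure).
$TrustedZone = @('192.168.1.2', '192.168.1.3', '192.168.1.4')
$RuleGroup   = 'Office trusted zone'   # assumed name, used later to find or remove these rules

# 1. Default inbound action Block on every profile. Anything not matched by an
#    Allow rule below is dropped: this is the "block all other PCs" half.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True -DefaultInboundAction Block

# 2. Allow inbound traffic only from the trusted zone. Windows Firewall has no
#    "block with exclude" option; default-block plus an Allow rule scoped with
#    -RemoteAddress gives the same result as the Comodo rule described in the thread.
New-NetFirewallRule -DisplayName 'Allow inbound from office PCs' -Group $RuleGroup `
    -Direction Inbound -Action Allow -Profile Any -RemoteAddress $TrustedZone

# 3. The built-in "File and Printer Sharing" rules would reopen SMB and ping to
#    the whole subnet, so disable them; the rule above still lets the three
#    trusted PCs reach shares and ping, because it is not restricted by port.
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' | Disable-NetFirewallRule

# 4. Check: show which remote addresses the zone rules are scoped to.
Get-NetFirewallRule -Group $RuleGroup |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress

# 5. Rollback, if needed: remove only the rules created here.
# Get-NetFirewallRule -Group $RuleGroup | Remove-NetFirewallRule
```

Two points carry over from Ewen’s caveats. The filter still keys on IP addresses, so the “spare static address while a trusted PC is offline” gap remains; and Windows Firewall cannot match on MAC addresses, so the step up he describes is not available here and would have to be done on the router or switch instead. A quick functional check is to run Test-NetConnection against the server from a trusted PC (should succeed) and from a device holding a DHCP address in the .5+ pool (should time out).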