Problem with multiple global rules (MAC filtering)

Hello everyone.

I’m having a bit of trouble configuring Comodo (latest version, 3.5.x) to filter more than one MAC address.

I’ve set Firewall Behavior to Custom Policy Mode and I’m adding rules to the Network Security Policy under Global Rules.

One of the rules looks like this:

Block IP In From MAC Not 00-1A-4B-5D-18-FB To IP Any Where Protocol Is Any

So, all the requests heading in from any other computer, except for the one with that MAC address, will be blocked.

This works without a problem, until I add another rule, for another MAC address… like this for example:

Block IP In From MAC Not 00-1A-4B-6D-19-4A To IP Any Where Protocol Is Any

After I add this one, all incoming requests are dropped, no matter what MAC address they’ve been sent from.

I’ve also tried using IPs instead of MACs and the results are the same.

What I want to do is block all requests from any IPs, except for the ones that I specify. I’m sure this isn’t working because I’m doing something wrong, but I can’t really figure out what.

Does anyone have a solution for this?

Thanks,
-H.S.

Rules are executed from top to bottom. The first rule has already blocked all of the incoming traffic you would like to look at in the second rule. Suggest you make all of the MAC addresses you want to allow into a network zone and set up the rule to block all but that network zone. Then you can change your choices by editing the zone.

Yes.
If you have a packet from (for example) MAC 00-1A-4B-5D-18-FB (rule 1), it may bypass this rule, but it will be blocked by the second rule.
And yes - the only way to solve it - define a new Network Zone and make a Global Rule to block all except this Network Zone.

Also it is a good solution to define new Network Zones, even if you will have only one row in them. It is better later to change only the Network Zone than looking at all Rules and trying to locate and change directly in Rules.
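To make the top-to-bottom, first-match behaviour described in the two replies above concrete, here is a small added example (not from this thread or from Comodo itself) that evaluates a packet's source MAC against a rule list. It assumes a packet matching no rule is allowed, and uses the two MAC addresses from the question plus a constructed outsider address.

```python
# Added example, not Comodo code: a tiny first-match rule evaluator that
# reproduces why two "Block ... From MAC Not X" rules block everything,
# while one "Block ... From Not <zone>" rule only blocks outsiders.
from dataclasses import dataclass
from typing import Callable, Dict, List, Set


@dataclass
class Rule:
    action: str                      # "Block" or "Allow"
    matches: Callable[[str], bool]   # condition on the packet's source MAC
    label: str


def block_unless_mac(mac: str) -> Rule:
    """Block IP In From MAC Not <mac> To IP Any (one rule per address)."""
    return Rule("Block", lambda src: src != mac, f"Block ... From MAC Not {mac}")


def block_unless_zone(zone: Set[str]) -> Rule:
    """Block IP In From Not <zone>, where the zone lists every allowed MAC."""
    return Rule("Block", lambda src: src not in zone, "Block ... From Not [trusted zone]")


def evaluate(rules: List[Rule], src_mac: str, default: str = "Allow") -> str:
    """Walk the rules top to bottom; the first rule whose condition matches decides.
    Assumption: a packet that matches no rule falls through to `default`."""
    for rule in rules:
        if rule.matches(src_mac):
            return rule.action
    return default


# Constructed sample addresses: the two from the question plus an outsider.
MAC_A = "00-1A-4B-5D-18-FB"
MAC_B = "00-1A-4B-6D-19-4A"
MAC_OTHER = "00-00-00-00-00-01"

# The asker's configuration: one "Not X" rule per allowed address.
PER_MAC_RULES = [block_unless_mac(MAC_A), block_unless_mac(MAC_B)]
# The replies' fix: one rule against a zone holding every allowed address.
ZONE_RULES = [block_unless_zone({MAC_A, MAC_B})]


def verdicts(rules: List[Rule]) -> Dict[str, str]:
    return {mac: evaluate(rules, mac) for mac in (MAC_A, MAC_B, MAC_OTHER)}


if __name__ == "__main__":
    print("per-MAC rules:", verdicts(PER_MAC_RULES))  # all three blocked
    print("zone rule:    ", verdicts(ZONE_RULES))     # only the outsider blocked
```

With the per-MAC rules, a packet from MAC_A fails rule 1's "Not MAC_A" condition but matches rule 2's "Not MAC_B" condition and is blocked there, which is exactly the symptom in the question.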

Thank you sded and exproff for your fast replies. I knew I was missing something :P.

I’ve created a “trusted” network zone with all the IPs I wish to accept requests from (I still don’t know all the MAC addresses), and added a rule that blocks all incoming requests except from the zone I created.

Regards,
-H.S.