Restrict incoming and outgoing IP addresses

I am new to Comodo and having trouble understanding how it works.

I want to restrict web server incoming and outgoing access to 5 IP addresses yet allow Windows automatic updates.

Please can you explain how to do this.


Do you ask about restricting your web server? Or do you ask about “web servers who try to connect to your PC”?

The more specific you ask, the more specific the answer will be.

Thanks for answering my posting.

I want only five known IP addresses to be able to use my web server and no other would-be users.

I want the web server to be able to continue to use services such as Windows Update.

I do not want to allow file downloads.



  1. So you need a rule which allows 5 specified addresses to connect to your server ingoing? Do they only connect to the PC, or is there something else unique (port, protocol)?

  2. If you want to connect to the internet, you need only outgoing rules anyway. The requested packets will arrive though (for example updates). Every program that asks for a connection will run with “allow outgoing udp+tcp” rules.

  3. What about file download? Who? From where? If you allow someone to connect to your server, you still don't want him to download things? For this scenario I have no idea. I think that must be set in your server behaviour.

Many thanks for your response.

Your point 1) The 5 incoming users will connect only to my PC (web server). I do not want the rest of the world to have access.

Your point 3) I do not want any other user/hacker to be able to get any files of the web server.

For me this is all about preventing any unauthorised user from getting or uploading files to my web server.

Many thanks.

I value your responses.


You should make sure that your server restricts the access to the data so that only allowed users with the special rights can use it.
When you use a firewall for it, you can only allow traffic, or block it. But if the connection to your server is enabled, the traffic passes the firewall. So it's the server which has to organise the rights and permissions.

To allow TRAFFIC (traffic!) for IP addresses INgoing, you should use global rules. And if the connection has an application as a target, you can make the rules for this application too.

Global rules (on top of the rule set, each for one of the 5 allowed IP addresses):
"allow ingoing traffic if (protocol), source IP (one of the 5 IP addresses), destination IP (your server), source port (used port of the allowed users) and destination port (the port on your server that listens)".

The more restrictive you make these rules, the better.

You should not have a rule under application rules which allows ingoing traffic, if it's not related to a “sending server” (there you have to make the needed security with the server settings).

As an example for an application rule which would allow only special traffic from special IP addresses, you can put the global rules which are described above into the rules for that needed application.

Make sure that in the end effect your rule set has no hole which isn't “under control of another setting” (on the server or something).
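
A small model of the rule set described in the reply above, added here as an example; it is not part of the original posts and is not Comodo's own code or rule syntax. It assumes top-to-bottom, first-match evaluation, uses constructed addresses from documentation ranges and port 80, leaves the source port unrestricted, and the names `Rule`, `build_global_rules`, `evaluate` and `overly_broad_inbound` are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample values (documentation address ranges), not from the thread.
ALLOWED_CLIENTS = ["192.0.2.10", "192.0.2.11", "198.51.100.5",
                   "198.51.100.6", "203.0.113.7"]
SERVER_PORT = 80  # assumed listening port of the web server

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "block"
    direction: str            # "in" or "out"
    protocol: str             # "tcp", "udp" or "any"
    source: str               # single address or CIDR network
    dest_port: Optional[int]  # None means any port

def build_global_rules(clients, port):
    """One inbound allow per client, outbound allowed, all other inbound blocked."""
    rules = [Rule("allow", "in", "tcp", ip, port) for ip in clients]
    rules.append(Rule("allow", "out", "any", "0.0.0.0/0", None))  # e.g. update traffic
    rules.append(Rule("block", "in", "any", "0.0.0.0/0", None))   # explicit catch-all
    return rules

def evaluate(rules, direction, protocol, source_ip, dest_port):
    """Model assumption: rules are read top to bottom and the first match decides."""
    src = ipaddress.ip_address(source_ip)
    for r in rules:
        if (r.direction == direction
                and r.protocol in ("any", protocol)
                and src in ipaddress.ip_network(r.source)
                and r.dest_port in (None, dest_port)):
            return r.action
    return "block"  # nothing matched: treat as blocked

def overly_broad_inbound(rules, clients, port):
    """Return inbound allow rules that admit more than the listed clients on the port."""
    wanted = {ipaddress.ip_address(c) for c in clients}
    found = []
    for r in rules:
        if r.action == "allow" and r.direction == "in":
            net = ipaddress.ip_network(r.source)
            exact = net.num_addresses == 1 and net.network_address in wanted
            if not (exact and r.protocol == "tcp" and r.dest_port == port):
                found.append(r)
    return found

GLOBAL_RULES = build_global_rules(ALLOWED_CLIENTS, SERVER_PORT)
```

Running `overly_broad_inbound` over a planned rule list before entering it in the firewall lists any inbound allow rule wider than the five addresses and the one port.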


Many thanks for your patience and your help, it is much appreciated.