I’ve just installed version 3.0.25.378 and I’m trying to block my computer from accessing a specific computer on my network. I had my entire home network set up in the Network Zones and added that specific host as an exception within that zone. I then created a separate zone, added the host to it, and added that zone in the Blocked Network Zones. When I did that, the host was able to access my computer without any problems. After an hour, I removed all of the settings, and then the other host was no longer able to access my computer. At this point, I can see no reason why these two computers can’t talk to each other, and yet they can’t. What does it take to make the rules take effect?
G’day,
The easiest way is to set global rules blocking the IP of the particular PC.
- Open CFP
- Click FIREWALL → ADVANCED → NETWORK SECURITY POLICY → GLOBAL RULES
- Create a rule with the following parameters:
Action : BLOCK
Protocol : TCP OR UDP
Direction : IN
Description : WHATEVER YOU WANT TO CALL THIS RULE
Source Address : IP OF PC YOU WANT BLOCKED
Destination Address : ANY
Source Port : ANY
Destination Port : ANY
- Click APPLY
- Create a rule with the following parameters:
Action : BLOCK
Protocol : TCP OR UDP
Direction : OUT
Description : WHATEVER YOU WANT TO CALL THIS RULE
Source Address : ANY
Destination Address : IP OF PC YOU WANT BLOCKED
Source Port : ANY
Destination Port : ANY
- Click APPLY
- Move BOTH of these rules to the top of the list. Global Rules are read top to bottom. It’s a good idea to have your explicit BLOCK rules at the top of the list.
- Click APPLY
- Your two new rules should now be at the top of the list
At this point you should reboot to ensure that the new rules are initialized.
I realize this is the long slow painful way, but IMHO it makes the rules more understandable when you set them up manually like this.
Let us know how this works out.
Ewen
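The ordering point above (Global Rules are read top to bottom, first match wins) can be illustrated with a small constructed model of the rule table. This is an added example, not CFP code or anything from the thread; the addresses, the home zone and the BLOCK-by-default fallback are assumptions. It also models the protocol field, so a TCP OR UDP block rule does not match ICMP (ping), which falls through to whatever rule or default comes next.

```python
from ipaddress import ip_address, ip_network, IPv4Network

# Constructed model of CFP-style Global Rules (added example, not CFP code).
# A rule is (action, directions, protocols, src_net, dst_net); "ANY" matches all.
HOME_ZONE = ip_network("192.168.1.0/24")   # assumed home Network Zone
BAD_HOST = ip_network("192.168.1.50/32")   # assumed PC to be blocked
ME = "192.168.1.10"                        # assumed address of the PC running CFP

def _hit(spec, value):
    """True when the rule field is ANY or contains the packet's value."""
    if spec == "ANY":
        return True
    if isinstance(spec, IPv4Network):
        return ip_address(value) in spec
    return value in spec

def matches(rule, direction, proto, src, dst):
    _, rdir, rproto, rsrc, rdst = rule
    return (_hit(rdir, direction) and _hit(rproto, proto)
            and _hit(rsrc, src) and _hit(rdst, dst))

def evaluate(rules, direction, proto, src, dst, default="BLOCK"):
    """First matching rule wins (rules are read top to bottom); default is assumed."""
    for rule in rules:
        if matches(rule, direction, proto, src, dst):
            return rule[0]
    return default

# The two rules from the post, plus an assumed "allow my home zone" pair.
BLOCK_IN = ("BLOCK", ("IN",), ("TCP", "UDP"), BAD_HOST, "ANY")
BLOCK_OUT = ("BLOCK", ("OUT",), ("TCP", "UDP"), "ANY", BAD_HOST)
ALLOW_ZONE_IN = ("ALLOW", ("IN",), "ANY", HOME_ZONE, "ANY")
ALLOW_ZONE_OUT = ("ALLOW", ("OUT",), "ANY", "ANY", HOME_ZONE)

correct_order = [BLOCK_IN, BLOCK_OUT, ALLOW_ZONE_IN, ALLOW_ZONE_OUT]   # blocks on top
shadowed_order = [ALLOW_ZONE_IN, ALLOW_ZONE_OUT, BLOCK_IN, BLOCK_OUT]  # zone allow first

def verdicts(rules):
    """Verdicts for a few constructed packets against one rule ordering."""
    return {
        "tcp_in_from_bad": evaluate(rules, "IN", "TCP", "192.168.1.50", ME),
        "tcp_out_to_bad": evaluate(rules, "OUT", "TCP", ME, "192.168.1.50"),
        "icmp_in_from_bad": evaluate(rules, "IN", "ICMP", "192.168.1.50", ME),
        "tcp_in_from_other": evaluate(rules, "IN", "TCP", "192.168.1.20", ME),
    }

if __name__ == "__main__":
    print("blocks on top  :", verdicts(correct_order))
    print("blocks shadowed:", verdicts(shadowed_order))
```

With the block rules on top, TCP/UDP in both directions to the blocked PC is denied while ICMP from it still reaches the zone allow; with the block rules below the zone allow, every packet is allowed and the blocks never fire.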
Thanks Panic, and here’s what happened and where I currently stand:
- Removed all of the rules I added, rebooted, then the hosts could talk to each other.
- Followed above instructions, but created a single In/Out rule, rebooted, hosts could still talk to each other.
- Really followed above instructions, rebooted, now I can’t talk to the remote host, but he can still talk to me (EDIT: “talk” is defined as “able to ping”; although he can’t access any resources on my computer, I don’t want to even be visible).
A few questions:
First, what the heck? This is very weird.
Second, why do I have to reboot every time I change the rules? I’ve never had to do that with other firewalls.
Third, why didn’t the single In/Out rule work?
Finally, what the heck?
Thanks for your help!
cheers,
RCS
G’day,
Before I reply, I just want to clarify several points from your original post that’s confusing me.
In the beginning of your original post, you said
POINT 1
I've just installed version 3.0.25.378 and I'm trying to block my computer from accessing a specific computer on my network.
yet further on in the same post, you said
POINT 2
At this point, I can see no reason why these two computers can't talk to each other, and yet they can't. What does it take to make the rules to take effect?
Points 1 and 2 are related. I’m unsure whether you’re trying to block a particular PC or allow a particular PC. Please clarify.
LOL. Love the difference between “Followed above instructions…” and “Really followed above instructions…”
Second, why do I have to reboot every time I change the rules? I've never had to do that with other firewalls
This isn’t really necessary, but was suggested so we could be certain that the firewall was implementing the rules we just created. There have been reports of a slight lag in new rules being initialized and I just wanted to make sure we were testing the new rules. Rather than reboot, you can wait 30 - 60 secs.
Ewen
The difference is the timeframe. Point 1 is the final goal - to prevent the two computers from seeing each other. In my efforts to reach that goal, I had attempted to implement a rule, found it didn’t work, then removed it. However, I found that when I removed it is when it seemed to take effect, which is when we reach Point 2 - there were no blocking rules in effect, and yet the machines still couldn’t communicate. At that point it became a matter of rules not working as written.
I’m a tech and I deal with users all day; I know what it means when a user says that they did exactly what I told them to do.
It should be noted that the stage of Point 2, where the computers could not communicate but no rules were in place to block it, lasted over a day. When I implemented the changes you suggested in the earlier post, I waited about 15 minutes and tested, and then rebooted. It seems like there is something very wrong somewhere.
cheers,
RCS
This is really odd.
I set up a two PC LAN with clean XP images. The only additional software installed was CFP on one of the PCs. I then set up the two BLOCK rules detailed earlier. Once these rules were in use, the other PC was blocked totally from the PC running CFP.
Did you have any other firewall software on these PCs prior to installing CFP (particularly ZA or Nortons)? There have been several posts regarding odd CFP behaviour that resulted from vestiges of a prior firewall remaining.
Please understand that I’m not saying it’s impossible that CFP is the cause, just that I have seen this type of behaviour caused by incomplete firewall uninstallations.
Ewen
I had installed Zone Alarm but it kept BSODing when it started up so I uninstalled it again. ZA never even ran successfully, so I don’t think there could be rules floating around.
As Maxwell Smart would say - “The old Zone Alarm uninstall will categorically remove all traces of itself trick. Second time I fell for that one this week.” ZA’s uninstaller is notorious for leaving traces behind. If you check the ZA web site, from memory they’ve got a dedicated uninstall cleanup tool available for download.
It’s worth a shot 'cause I can’t think of anything else that could be doing this.
Is there nothing in your logs when the blockage occurs?
Ewen
Sorry I haven’t responded until now. I just rebuilt both computers from scratch. One computer (called AUX) has NO firewall - not even the Windows firewall. The other computer (called MAIN) has Comodo, with both Defense+ and Firewall level set to “Safe Mode”. MAIN is able to access all resources on AUX, but AUX - although able to ping MAIN - is not able to access any resources on MAIN.