Set application access settings based on network my computer is connected to?

I’m not really sure how to do this - in some firewalls, you can have different settings depending on what network you are connected to (work, home, Wi-Fi @ Starbucks). Can you do this with Comodo?

I’d like it to detect the IP address range, and for instance allow Windows Filesharing and Shareaza at home, but not when I’m at Starbucks, for example.

I’m using CIS3.10 and WinXP SP3.

Hello jp10558

I’m sorry if the following information is incorrect (to some extent), but I’m saying this from memory (I don’t have CIS in front of me as we speak).

First Way To Do It:
Summary: Create Rules For Each Application
Ex. Allow All Outgoing Connections If In Network “Starbucks”
Ex. Allow Port 45 from “Starbucks” to Port 44 192.xx.x.xx

  • (Make sure you are in Custom Policy Mode Before Doing This)

  • Make sure you have the network(s) you want in the “My Network Zones”
    (CIS > Firewall > My Network Zones)

Go to CIS > Firewall > Advanced > Network Security Policy > select the program that you want to edit > Edit

Remove The Current Rules (Or Edit)

For Outgoing: You’ll make the Destination to be “Network Zone” then choose the network zone you want (Ex. Starbucks / McDonalds etc etc)

For Incoming: You’ll Make the source to be “Network Zone” then choose the network zone you want (Ex. Starbucks / McDonalds etc etc)

Does this make any sense?

Second Way:

You could also create a number of configuration files for Starbucks/home/McDonalds etc…

So Like Once You Are At Home You’ll Load the “Home Configuration”
and Once you go to Starbucks You’ll load the “Public/Starbucks Configuration”

(To Create a Configuration You’ll edit the policy as you wish and then go to CIS > Misc > Manage my Configurations > Export / Save; then you can save as many configurations as you wish.)

To Quickly Change Configurations You can Right click the icon in the taskbar > Configuration > “Select the Configuration You wish to load”

Did this help?

Jacob

You should create a Wish in the wishlist section here:
https://forums.comodo.com/firewall_wishlist-b147.0/

Hmm, well if I could load a configuration from the command line/ via a scripted API, that would be OK.

Specifically, I want it automatic so that I cannot forget, because leaving open shares on untrusted networks and such is very dangerous.

So with the first, if my network is 192.168.1.0 / 255.255.255.0 I should allow connections there, but I can say for ?source? if my IP is 128.84.44.0 / 255.255.252.0 I can say block?

Would that then allow the application unrestricted access if on the first network, but block ALL access if on the second?

To clarify, I want to allow access if my computer’s IP is 192.168.1.100, but block access to that app if my computer’s IP is 128.84.47.140 for instance. Of course, with dynamic IPs, I don’t always get those IPs, but I will from within the range.

Hi,
Simple:
Create your Network Zones and give them a name, e.g. Acces: IP 192.168.1.0 / 255.255.255.0 and Deny: IP 128.84.44.0 / 255.255.252.0

Afterwards, for your application, you edit the rule with:
1/ Allow “source IP” is Zone “Acces”, destination IP is All, direction is Out, your specific ports if you want
2/ Allow “source IP” is All, destination IP is Zone “Acces”, direction is In, your specific ports if you want
3/ Block “source IP” is Zone “Deny”, destination IP is All, direction is Out
4/ Block “source IP” is All, destination IP is Zone “Deny”, direction is In
5/ Block Protocol IP direction is In/Out

I’m testing now, but I have to say, this is far from obvious, especially when compared with the competitors’ separate settings based on network in the GUI.

So it is working now as expected. One thing is I’m seeing a lot of logged Windows Operating System notices. For the specific app, these settings should be equivalent to a trusted app when on the “Access” network, and a blocked app when on the “Deny” network (named zone in Comodo), right?

Not exactly. To be clear, you say: OK, I allow when the source Zone (your computer’s network) is “Access”, but I deny when the source Zone (your computer’s network) is “Deny”; and if you want, you can make another rule for a specific application that says: OK, I allow when the source Zone (your computer’s network) is “Deny”, but I deny when the source Zone (your computer’s network) is “Access”.
The Zone itself does nothing; it is not a rule, it is just a Zone, to help you make your rules.

And if you don’t need Inbound Connections for your specific application, you can change the rule like this:

1/ Allow “source IP” is Zone “Acces”, destination IP is All, direction is Out, your specific ports if you want
2/ Block “source IP” is All, destination IP is Zone “Acces”, direction is In, your specific ports if you want
3/ Block “source IP” is Zone “Deny”, destination IP is All, direction is Out
4/ Block “source IP” is All, destination IP is Zone “Deny”, direction is In
5/ Block Protocol IP direction is In/Out
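
The two five-rule lists from this thread, modelled as an added example that is not part of any post above and is not Comodo code. It assumes rules are checked top to bottom with the first match deciding; the peer addresses and the third network are constructed.

```python
import ipaddress

# Zones exactly as named in the thread; netmask notation is accepted by ipaddress.
ZONES = {
    "Acces": ipaddress.ip_network("192.168.1.0/255.255.255.0"),
    "Deny": ipaddress.ip_network("128.84.44.0/255.255.252.0"),
}

# Each rule: (action, source, destination, direction). "All" matches any address.
RULES_WITH_INBOUND = [
    ("Allow", "Acces", "All", "Out"),
    ("Allow", "All", "Acces", "In"),
    ("Block", "Deny", "All", "Out"),
    ("Block", "All", "Deny", "In"),
    ("Block", "All", "All", "In/Out"),
]
# Variant from the last post: rule 2 becomes Block (no inbound needed).
RULES_OUTBOUND_ONLY = list(RULES_WITH_INBOUND)
RULES_OUTBOUND_ONLY[1] = ("Block", "All", "Acces", "In")


def in_zone(addr, zone):
    """True if addr belongs to the named zone; "All" matches everything."""
    return zone == "All" or ipaddress.ip_address(addr) in ZONES[zone]


def evaluate(rules, src, dst, direction):
    """Return (action, rule number) of the first matching rule.

    Assumption: rules are checked top to bottom and the first match decides.
    """
    for number, (action, rule_src, rule_dst, rule_dir) in enumerate(rules, 1):
        if (direction in rule_dir.split("/")
                and in_zone(src, rule_src) and in_zone(dst, rule_dst)):
            return action, number
    return "Block", None  # unreachable while rule 5 is present; fail closed anyway


if __name__ == "__main__":
    peer = "203.0.113.10"  # constructed remote address
    cases = [
        ("192.168.1.100", peer, "Out"),            # local IP inside zone "Acces"
        ("128.84.47.140", peer, "Out"),            # local IP inside zone "Deny"
        ("10.0.0.5", peer, "Out"),                 # constructed network in neither zone
        ("192.168.1.50", "192.168.1.100", "In"),   # constructed LAN peer connecting in
    ]
    for case in cases:
        print(case, evaluate(RULES_WITH_INBOUND, *case),
              evaluate(RULES_OUTBOUND_ONLY, *case))
```

Under that ordering assumption, a local address in neither zone falls through to rule 5 and is blocked, so a network that was never given a zone gets no access for this application.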