buga

Blocking leaks with Comodo

Hi, my question is probably really stupid but the guide says:

11) Add similar rules to allow communications of your device with your router (and within your home/office network, if you wish so). For example, if your network is [192.168.0.0 / 255.255.0.0] define a network zone with IP Range [192.168.0.0 - 192.168.255.255] (let's call it "Home Network") and set the following rules:

Allow TCP In/Out From In [Home Network] To In [Home Network] Where Source Port Is Any And Destination Port Is Any

Allow UDP In/Out From In [Home Network] To In [Home Network] Where Source Port Is Any And Destination Port Is Not 53

Allow ICMP In/Out From In [Home Network] To In [Home Network] Where ICMP Message Is Any

From what I understand, you MUST create the rule so it can connect to the router but connecting to the home/office network is only voluntary or is this entire rule voluntary?

Well I certainly don't want to allow the entire home network as my main point of using the service is to protect my traffic from random people in public places, e.g. airports.

So does this mean that every time I go to a coffee shop or something I have to go to ipconfig and get the default gateway and subnet mask for the public router?

E.g., right now those are 192.168.1.1/255.255.255.0. Should I just create these 3 rules using the specific IP of 192.168.1.1 and forget about the "home network zone?"

Second question:

6) Define a "Global Rule" which blocks everything:

Block And Log IP In/Out From MAC Any To MAC Any Where Protocol Is Any

The logging is important for troubleshooting if necessary.

Why does it say From/To MAC any? When I select MAC as the type of source or destination address, I have to enter a specific MAC address. Does MAC any mean source/destination address > ANY ADDRESS?

TYIA

Hi, my question is probably really stupid but the guide says:

11) Add similar rules to allow communications of your device with your router (and within your home/office network, if you wish so). For example, if your network is [192.168.0.0 / 255.255.0.0] define a network zone with IP Range [192.168.0.0 - 192.168.255.255] (let's call it "Home Network") and set the following rules:

Allow TCP In/Out From In [Home Network] To In [Home Network] Where Source Port Is Any And Destination Port Is Any

Allow UDP In/Out From In [Home Network] To In [Home Network] Where Source Port Is Any And Destination Port Is Not 53

Allow ICMP In/Out From In [Home Network] To In [Home Network] Where ICMP Message Is Any

From what I understand, you MUST create the rule so it can connect to the router but connecting to the home/office network is only voluntary or is this entire rule voluntary?

Hello!

The rule is mandatory if you wish to communicate within your network.

Well I certainly don't want to allow the entire home network as my main point of using the service is to protect my traffic from random people in public places, e.g. airports.

In this case just allow communications with your network gateway IP address.

So does this mean that every time I go to a coffee shop or something I have to go to ipconfig and get the default gateway and subnet mask for the public router?

Yes.

Second question:

6) Define a "Global Rule" which blocks everything:

Block And Log IP In/Out From MAC Any To MAC Any Where Protocol Is Any

The logging is important for troubleshooting if necessary.

Why does it say From/To MAC any? When I select MAC as the type of source or destination address, I have to enter a specific MAC address. Does MAC any mean source/destination address > ANY ADDRESS?

TYIA

Yes. Comodo reports in the rule description "MAC Any" when you select "Any Address".

Kind regards
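
Added example, not part of the original posts or of the guide they quote: a small Python model of the step 11 allow rules followed by the step 6 block rule, comparing the "Home Network" zone with the gateway-only variant suggested in the reply above. It assumes rules are evaluated top-down with the first match winning; the host address 192.168.1.57, the peer 192.168.1.80 and the sample packets are constructed, and the gateway-only variant is modelled as "any address to/from 192.168.1.1".

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

def zone_range(network, mask):
    """Network/netmask -> first and last address for a zone defined as an IP range."""
    net = ip_network(f"{network}/{mask}")
    return str(net[0]), str(net[-1])

def lan_rules(side_a, side_b):
    """Step 11's three allow rules, then step 6's block-everything rule."""
    return [
        ("allow", "tcp", side_a, side_b, None),
        ("allow", "udp", side_a, side_b, 53),    # Destination Port Is Not 53
        ("allow", "icmp", side_a, side_b, None),
        ("block", "any", ANY, ANY, None),
    ]

def decide(rules, proto, src, dst, dport=None):
    """First matching rule wins (assumed); In/Out rules match either direction."""
    s, d = ip_address(src), ip_address(dst)
    for action, rule_proto, a, b, excluded_dport in rules:
        if rule_proto not in ("any", proto):
            continue
        if not ((s in a and d in b) or (s in b and d in a)):
            continue
        if excluded_dport is not None and dport == excluded_dport:
            continue
        return action
    return "block"

# Constructed sample addresses on the 192.168.1.0/255.255.255.0 network.
ME, GATEWAY, PEER = "192.168.1.57", "192.168.1.1", "192.168.1.80"
HOME = ip_network("192.168.0.0/255.255.0.0")
ZONE_RULES = lan_rules(HOME, HOME)
GATEWAY_RULES = lan_rules(ANY, ip_network(GATEWAY + "/32"))

if __name__ == "__main__":
    print("zone range:", zone_range("192.168.0.0", "255.255.0.0"))
    samples = [("tcp", PEER, ME, 8080), ("tcp", ME, GATEWAY, 80),
               ("udp", ME, GATEWAY, 53), ("icmp", GATEWAY, ME, None)]
    for pkt in samples:
        print(pkt, "zone:", decide(ZONE_RULES, *pkt),
              "gateway-only:", decide(GATEWAY_RULES, *pkt))
```

With the whole-zone rules the LAN peer reaches the host, while the gateway-only rules block it; UDP to port 53 on the router is blocked in both variants.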


After adding all the allow rules I still can't connect.

If I remove the block rule, connect, and then add the block rule, my connection remains okay and if I disconnect from airvpn, the internet is blocked as it should be.

So it's working fine except for the initial connection so which rules should I be looking at?


Hi all!

I think the rules description on the "Prevent leaks with Windows & Comodo" thread is not 100% the same as the latest version of "Comodo Firewall" (Free) or maybe they apply to the "Comodo Internet Security" suite.

I have also installed only the Comodo Firewall and I saw the differences as the OP has posted.

I believe it makes more sense for the rule to apply to "Any Address" and not to "MAC Address" because if one selects "MAC Address" then a MAC address has to be input.

See the printscreens of what I speak of...


After adding all the allow rules I still can't connect.

If I remove the block rule, connect, and then add the block rule, my connection remains okay and if I disconnect from airvpn, the internet is blocked as it should be.

So it's working fine except for the initial connection so which rules should I be looking at?

Hello!

At your convenience please send us a screenshot of your Comodo global rules and network zones.

Kind regards


Here are the screenshots though you can't see the detail of the global rules.


Here are the screenshots though you can't see the detail of the global rules.

Hello!

We're sorry, we can't read anything on the image. Can you please re-send at higher resolution?

Kind regards
