buga 0 Posted ...

Hi, my question is probably really stupid but the guide says:

> 11) Add similar rules to allow communications of your device with your router (and within your home/office network, if you wish so). For example, if your network is [192.168.0.0 / 255.255.0.0] define a network zone with IP Range [192.168.0.0 - 192.168.255.255] (let's call it "Home Network") and set the following rules:
>
> Allow TCP In/Out From In [Home Network] To In [Home Network] Where Source Port Is Any And Destination Port Is Any
> Allow UDP In/Out From In [Home Network] To In [Home Network] Where Source Port Is Any And Destination Port Is Not 53
> Allow ICMP In/Out From In [Home Network] To In [Home Network] Where ICMP Message Is Any

From what I understand, you MUST create the rule so it can connect to the router but connecting to the home/office network is only voluntary or is this entire rule voluntary?

Well I certainly don't want to allow the entire home network as my main point of using the service is to protect my traffic from random people in public places, e.g. airports.

So does this mean that every time I go to a coffee shop or something I have to go to ipconfig and get the default gateway and subnet mask for the public router? E.g., right now those are 192.168.1.1/255.255.255.0. Should I just create these 3 rules using the specific IP of 192.168.1.1 and forget about the "home network zone?"

Second question:

> 6) Define a "Global Rule" which blocks everything:
>
> Block And Log IP In/Out From MAC Any To MAC Any Where Protocol Is Any
>
> The logging is important for troubleshooting if necessary.

Why does it say From/To MAC any? When I select MAC as the type of source or destination address, I have to enter a specific MAC address. Does MAC any mean source/destination address > ANY ADDRESS?

TYIA

Staff 9972 Posted ...

> Hi, my question is probably really stupid but the guide says:
>
> > 11) Add similar rules to allow communications of your device with your router (and within your home/office network, if you wish so). For example, if your network is [192.168.0.0 / 255.255.0.0] define a network zone with IP Range [192.168.0.0 - 192.168.255.255] (let's call it "Home Network") and set the following rules:
> >
> > Allow TCP In/Out From In [Home Network] To In [Home Network] Where Source Port Is Any And Destination Port Is Any
> > Allow UDP In/Out From In [Home Network] To In [Home Network] Where Source Port Is Any And Destination Port Is Not 53
> > Allow ICMP In/Out From In [Home Network] To In [Home Network] Where ICMP Message Is Any
>
> From what I understand, you MUST create the rule so it can connect to the router but connecting to the home/office network is only voluntary or is this entire rule voluntary?

Hello!

The rule is mandatory if you wish to communicate within your network.

> Well I certainly don't want to allow the entire home network as my main point of using the service is to protect my traffic from random people in public places, e.g. airports.

In this case just allow communications with your network gateway IP address.

> So does this mean that every time I go to a coffee shop or something I have to go to ipconfig and get the default gateway and subnet mask for the public router?

Yes.

> Second question:
>
> > 6) Define a "Global Rule" which blocks everything:
> >
> > Block And Log IP In/Out From MAC Any To MAC Any Where Protocol Is Any
> >
> > The logging is important for troubleshooting if necessary.
>
> Why does it say From/To MAC any? When I select MAC as the type of source or destination address, I have to enter a specific MAC address. Does MAC any mean source/destination address > ANY ADDRESS?
>
> TYIA

Yes. Comodo reports in the rule description "MAC Any" when you select "Any Address".

Kind regards

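Added example, not part of the original posts and not Comodo's own logic: a small Python model of the step 11 allow rules followed by the step 6 block-all rule, comparing a whole-network zone with the gateway-only variant discussed above. It assumes the allow rules sit above the block rule and that the first matching rule wins; the addresses for this device and a second Wi-Fi client are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

Net = ipaddress.IPv4Network

def zone_range(addr: str, mask: str):
    """First and last address of the network zone for an ipconfig address/mask pair."""
    net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
    return str(net[0]), str(net[-1])

@dataclass
class Rule:
    action: str                      # "allow" or "block"
    proto: str                       # "tcp", "udp", "icmp" or "any"
    zone: List[Net]                  # both endpoints must fall inside the zone
    not_dport: Optional[int] = None  # models "Destination Port Is Not N"

    def matches(self, proto, src, dst, dport):
        if self.proto not in ("any", proto):
            return False
        if self.not_dport is not None and dport == self.not_dport:
            return False
        inside = lambda ip: any(ipaddress.ip_address(ip) in n for n in self.zone)
        return inside(src) and inside(dst)

def ruleset(zone):
    """The three allow rules from step 11, then the block-all rule from step 6."""
    return [Rule("allow", "tcp", zone), Rule("allow", "udp", zone, not_dport=53),
            Rule("allow", "icmp", zone), Rule("block", "any", [Net("0.0.0.0/0")])]

def decide(rules, proto, src, dst, dport=None):
    """Assumption: rules are evaluated top-down and the first match wins."""
    for r in rules:
        if r.matches(proto, src, dst, dport):
            return r.action
    return "block"

# Constructed addresses: this device, the router, another client on the same Wi-Fi.
ME, GATEWAY, STRANGER = "192.168.1.57", "192.168.1.1", "192.168.1.80"
whole_lan = ruleset([Net("192.168.1.0/24")])
gateway_only = ruleset([Net(ME + "/32"), Net(GATEWAY + "/32")])

if __name__ == "__main__":
    print(zone_range("192.168.0.0", "255.255.0.0"))
    for name, rules in (("whole LAN", whole_lan), ("gateway only", gateway_only)):
        print(name, decide(rules, "tcp", STRANGER, ME, 445),
              decide(rules, "udp", ME, GATEWAY, 53), decide(rules, "tcp", ME, GATEWAY, 80))
```

In this model both variants block UDP port 53 to the router, but only the gateway-only zone blocks traffic from other clients on the same public network.
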
buga 0 Posted ...

After adding all the allow rules I still can't connect. If I remove the block rule, connect, and then add the block rule, my connection remains okay and if I disconnect from airvpn, the internet is blocked as it should be. So it's working fine except for the initial connection, so which rules should I be looking at?

cybertrancer 2 Posted ...

Hi all!

I think the rules description on the "Prevent leaks with Windows & Comodo" thread is not 100% the same as the latest version of "Comodo Firewall" (Free) or maybe they apply to the "Comodo Internet Security" suite. I have also installed only the Comodo Firewall and I saw the differences as the OP has posted.

I believe it makes more sense for the rule to apply to "Any Address" and not to "MAC Address" because if one selects "MAC Address" then a MAC address has to be input.

See the printscreens of what I speak of...

Staff 9972 Posted ...

> After adding all the allow rules I still can't connect. If I remove the block rule, connect, and then add the block rule, my connection remains okay and if I disconnect from airvpn, the internet is blocked as it should be. So it's working fine except for the initial connection so which rules should I be looking at?

Hello!

At your convenience please send us a screenshot of your Comodo global rules and network zones.

Kind regards

buga 0 Posted ...

Here are the screenshots, though you can't see the detail of the global rules.

Staff 9972 Posted ...

> Here are the screenshots though you can't see the detail of the global rules.

Hello!

We're sorry, we can't read anything on the image. Can you please re-send at higher resolution?

Kind regards