
Firewall Rule Set-up


Solved by puff-m-d


  • ESET Insiders

Hello,


I need to set a rule to block all IP addresses except those that fall within a specific range. I want to do this to keep anything from leaking from my VPN. For example:

  • Allow IPs only in the range 1.1.1.1 - 2.2.2.2 (network source rule for the TAP adapter)
  • Block all other IP addresses
  • Applies to all applications
  • Direction: outgoing
  • Protocols: TCP and UDP
  • All ports

Is there a way to do this? I know, for instance, that Comodo has a "block except" option for the IP range that ESET does not have. I am sure it can be done in ESET, but I am not the best at configuring the firewall. Any help will be appreciated.


When you connect to the VPN, regardless of the server you're connected to, your TUN/TAP adapter is DHCP-assigned an IP address in the range specified by our Technical Specs page.

Therefore, in order to block a program from sending out packets when you're not connected to the VPN, just block (for any program you wish, or all programs) any outgoing packet NOT coming from the specified IP range, from any port to any port.



  • 2 weeks later...
  • ESET Insiders

Hello,


Since I have not received any replies to my post, let me ask it a bit differently. I have now set up a separate zone which loads another profile for my VPN. Is there some way to create a rule in this profile that only allows traffic within my VPN tunnel, so that if any app tries to connect outside the tunnel it will be blocked? With this zone setup, if for some reason it resets to the default zone, I am notified by ESS. That is good enough for me as long as I can figure out a rule for my VPN zone/profile that will only allow traffic through the tunnel. I am not having any luck in creating a rule that works, as I am not the best with firewalls, i.e., the ESS firewall. Any help will be greatly appreciated! Surely someone here is knowledgeable enough to help me and let me know whether this can be done or not...


  • Administrators

Try creating 2 rules - a blocking rule that will block communication for all IP addresses and an allowing rule that will allow the communication within the range 1.1.1.1 - 2.2.2.2.


  • ESET Insiders
  • Solution

Hello,


First, thank you to Marcos for his suggestion in the above post. His suggestion pointed me in the direction that I needed to go.


I have two zones, one for my ethernet and one for my VPN. For each zone I created its own profile, and I have ESS set to switch automatically to the correct profile when the zone changes. In my ethernet zone profile, I added 3 rules: a block-all rule for all applications, an allow rule for my VPN client to connect to their login server, and a rule for OpenVPN to allow the VPN tunnel. When I boot my system, everything is blocked except the two connections needed to start my VPN tunnel. Once my tunnel starts, the zone is automatically changed to VPN, which in turn loads that profile. That profile does not have the 3 rules that I added above to the ethernet zone profile. This allows the ESS firewall to perform normally while in the tunnel.


The only thing I lack now is the blocking of traffic if my VPN connection drops, but my VPN client is adding that feature within the next two weeks. Once this is added, my setup will be what I want.


Thanks for your post Marcos as it definitely helped me solve my setup.

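Added illustration, not code from the thread, from ESET or from the VPN provider: a small Python simulation of first-match rule evaluation for the two profiles described in Marcos's reply and in the solution post above. It shows why the allow rule for the tunnel range has to sit above the block-all rule (the reversed order silently shadows it), and how a "lo-hi" range like the one ESET accepts has to be split into several CIDR blocks for tools that only take prefixes. The tunnel range, the login-server and gateway addresses, and the ports are assumptions (documentation ranges), and per-application scoping, which ESET rules also have, is deliberately not modelled.

```python
"""First-match simulation of a VPN 'kill switch' built from ordered firewall rules.
Constructed example: addresses, ports and rule names are assumptions, not values from the thread."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


def networks_from_range(spec: str) -> list:
    """Accept 'lo-hi' (the notation the ESET rule dialog uses) or CIDR and return the
    covering IPv4 networks. A range such as 1.1.1.1-2.2.2.2 is not one prefix, so
    summarize_address_range splits it into several blocks."""
    if "-" in spec:
        lo, hi = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        return list(ipaddress.summarize_address_range(lo, hi))
    return [ipaddress.IPv4Network(spec, strict=False)]


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str      # "tcp" or "udp"
    dport: int


def packet(src: str, dst: str, proto: str, dport: int) -> Packet:
    """Convenience constructor for sample outbound packets."""
    return Packet(ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst), proto, dport)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                    # "allow" or "block"
    src: Optional[str] = None      # source range/CIDR; None matches any source
    dst: Optional[str] = None      # destination range/CIDR; None matches any destination
    proto: Optional[str] = None    # None matches both tcp and udp
    dport: Optional[int] = None    # None matches all ports

    def matches(self, p: Packet) -> bool:
        if self.src is not None and not any(p.src in n for n in networks_from_range(self.src)):
            return False
        if self.dst is not None and not any(p.dst in n for n in networks_from_range(self.dst)):
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


def evaluate(profile: list, p: Packet) -> tuple:
    """The first matching rule in the ordered list decides. Unmatched traffic is reported
    as 'nomatch'; what a real firewall does with it depends on its filtering mode, which is
    why every profile below ends in an explicit block-all rule."""
    for rule in profile:
        if rule.matches(p):
            return rule.action, rule.name
    return "nomatch", ""


# Assumed addresses (documentation ranges), not values taken from the thread.
TUNNEL_RANGE = "10.8.0.1-10.8.255.254"   # what the TAP adapter is assumed to get from the VPN's DHCP
LOGIN_SERVER = "203.0.113.10"            # the VPN client's login server
VPN_GATEWAY = "198.51.100.5"             # the OpenVPN endpoint

# Ethernet-zone profile: the three rules from the solution post (application scoping omitted).
ETHERNET_PROFILE = [
    Rule("vpn client -> login server", "allow", dst=LOGIN_SERVER, proto="tcp", dport=443),
    Rule("openvpn -> gateway", "allow", dst=VPN_GATEWAY, proto="udp", dport=1194),
    Rule("block everything else", "block"),
]

# VPN-zone profile: Marcos's two rules, allow-from-tunnel-range before block-all.
VPN_PROFILE = [
    Rule("allow from tunnel range", "allow", src=TUNNEL_RANGE),
    Rule("block everything else", "block"),
]

# The same two rules in the wrong order: block-all now shadows the allow rule.
VPN_PROFILE_MISORDERED = list(reversed(VPN_PROFILE))


if __name__ == "__main__":
    samples = [
        ("ethernet", ETHERNET_PROFILE, packet("192.168.1.20", "93.184.216.34", "tcp", 443)),
        ("ethernet", ETHERNET_PROFILE, packet("192.168.1.20", LOGIN_SERVER, "tcp", 443)),
        ("ethernet", ETHERNET_PROFILE, packet("192.168.1.20", VPN_GATEWAY, "udp", 1194)),
        ("vpn", VPN_PROFILE, packet("10.8.0.6", "93.184.216.34", "tcp", 443)),
        ("vpn", VPN_PROFILE, packet("192.168.1.20", "93.184.216.34", "tcp", 443)),
        ("vpn-misordered", VPN_PROFILE_MISORDERED, packet("10.8.0.6", "93.184.216.34", "tcp", 443)),
    ]
    for zone, profile, p in samples:
        action, name = evaluate(profile, p)
        print(f"{zone:15} {p.src} -> {p.dst}:{p.dport}/{p.proto}: {action} ({name})")
```

The last sample is the one to keep in mind when entering the rules by hand: with the block-all rule above the allow rule, traffic from the tunnel address is blocked too, so the rule order, not just the rule contents, is part of the configuration.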
