Jump to content

Applaction Based Firewall Rule On Ip Adress?


Recommended Posts

i want to allow access internet explorer if ip range is 10.0.0.0 - 10.255.255.255

If IP range is other one i will block access

 

who can help me?

Link to comment
Share on other sites

  • Administrators

Create a blocking rule for explorer.exe and the desired remote IP address range. However, this will be easy to bypass, e.g. by using a different browser or renaming explorer.exe.

Link to comment
Share on other sites

when i do this, all traffic will be blocked. but i want allow this traffic if ip range is 10.0.0.0 - 10.255.255.255 and block explorer.exe if ip is not in range.

 

 

Link to comment
Share on other sites

  • ESET Moderators

Hello,

Perhaps a rule blocking 1.1.1.1-9.255.255.255 and 11.0.0.1-255.255.255.255. Not sure what effect this will have on localhost, APIPA or multicast connections in your network, though, so some testing should be performed before rolling the rule out to users.

Regards,

Aryeh Goretsky

Link to comment
Share on other sites

is not working, i tryed this:

Block both sides, TCP & UDP, Application selected iexplorer.exe, remote adress added 2:

1.1.1.1-9.255.255.255 and 11.0.0.1-255.255.255.255.

 

when i have my 192.xxx.xxx.xxx IP i can surf with IE, nothing will be blocked.

 

For testing i delete this 2 routes and added 1.1.1.1 - 255.255.255.255 so all traffic in IE should be blocked? but here als i can surf with IE :(

It shows connection blocked but i can surf normal and open all sides who i dont have in cache and never surfed

 

 

post-4574-0-53948100-1405764375_thumb.png

post-4574-0-04716500-1405764376_thumb.png

post-4574-0-50323700-1405764376_thumb.png

post-4574-0-56175700-1405764606_thumb.png

Edited by decoder
Link to comment
Share on other sites

That's strange, but you blocked only 1.1.1.9-... so some IP adresses (1.1.1.1 - 1.1.1.10) may be allowed. But of course it should also block quite all IP addresses.

 

So I tested to only allow 192.168.0.0 - 192.168.255.255. And it worked.

post-3952-0-56421400-1405874488_thumb.png

After this I tried to display a local IP and this worked.

 

And also the block of all IPs (1.1.1.1 - 255.255.255.255) worked:

post-3952-0-28141000-1405875217_thumb.png

 

But then I tried to test a workaround. I wanted to block all DNS servers (so you can only access the sites you know the IP) and for this I used the zone "DNS Servers".

 

But in this screenshot you can see that it doesn't work.

post-3952-0-86120800-1405875221_thumb.png

Edited by rugk
Link to comment
Share on other sites

Can you take a screen shot ?

 

Automatically generated trusted zone for DNS locally will almost always be your gateway and local subnet.

Local dns will be handled by your router so you can resolve other devices on your network, like printers and other computers.

While the external DNS you are using will be inputted into the router, or in your lan adapter, this address cannot be blocked or you won't have internet, lol.

When your subnet is added to the trusted zone, all traffic internally will usually be ignored by the firewall, its usually added as soon as you enable your adapter, obtain a connection, and get the ESET network popup asking for private or public.

 

However we are starting to get a little off topic. :unsure:

I think Aryeh's response was pretty darn close to what the OP was asking for. ;)

As soon as i get the chance to sit down and turn my brain on, i will try and see if i too can help the OP.

Edited by Arakasi
Link to comment
Share on other sites

While the external DNS you are using will be inputted into the router, or in your lan adapter, this address cannot be blocked or you won't have internet, lol.

I think this is the intention of @decoder. He only want to have access to the LAN (with IE) and he want to block all other network connections.

Edited by rugk
Link to comment
Share on other sites

i dont understand why this here is not working. i am connected with 192.168.1.27 and want block Internet Explorer access on: C:\Program Files\Internet Explorer\iexplore.exe

also tryed with chrome.exe same result.

 

should i reinstall ESET? What is the Problem? :(

 

post-4574-0-34171300-1406118327_thumb.png

Link to comment
Share on other sites

Okay figured it out.

 

for 64bit you have to include C:\program files & C:\program files(x86)

 

Stupid. If one is blocked it uses the other.

Block both

Link to comment
Share on other sites

Have tryed this. Have now two rules for Internet explorer with this 2 folder:

C:\Program Files\Internet Explorer\iexplore.exe and C:\Program Files (x86)\Internet Explorer\iexplore.exe

 

i want to block internet access if my IP is 192.168.x.x

 

But i can surf with Internet explorer on web. also sides who are never surfed and 100% not in cache are opening :(

 

 

post-4574-0-91736600-1406206978_thumb.png

post-4574-0-40500500-1406206979_thumb.png

post-4574-0-85785200-1406206979_thumb.png

post-4574-0-33219900-1406206980_thumb.png

post-4574-0-82725300-1406206980_thumb.png

Link to comment
Share on other sites

  • Most Valued Members

Okay figured it out.

 

for 64bit you have to include C:\program files & C:\program files(x86)

 

Stupid. If one is blocked it uses the other.

Block both

That explains the continued unwanted connections by IE.

Thanks for the resolution. :)

Edited by SCR
Link to comment
Share on other sites

Yes, decoder just needs to follow Aryeh's instructions for both applications now and he should have his resolution too.

 

You are most welcome SCR

Link to comment
Share on other sites

please see my last post and screens. habe tryed this with 2 rules and 2 blocked IE.exe 32 / 64 bit but always same. can surf normal with IE, nothing will be blocked. cache is clear :(

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...