Applaction Based Firewall Rule On Ip Adress?

[decoder 0]

i want to allow access internet explorer if ip range is 10.0.0.0 - 10.255.255.255

If IP range is other one i will block access

 

who can help me?

[Marcos 5,070]

Create a blocking rule for explorer.exe and the desired remote IP address range. However, this will be easy to bypass, e.g. by using a different browser or renaming explorer.exe.

[decoder 0]

when i do this, all traffic will be blocked. but i want allow this traffic if ip range is 10.0.0.0 - 10.255.255.255 and block explorer.exe if ip is not in range.

 

 

[Aryeh Goretsky 378]

Hello,

Perhaps a rule blocking 1.1.1.1-9.255.255.255 and 11.0.0.1-255.255.255.255. Not sure what effect this will have on localhost, APIPA or multicast connections in your network, though, so some testing should be performed before rolling the rule out to users.

Regards,

Aryeh Goretsky

[decoder 0]

is not working, i tryed this:

Block both sides, TCP & UDP, Application selected iexplorer.exe, remote adress added 2:

1.1.1.1-9.255.255.255 and 11.0.0.1-255.255.255.255.

 

when i have my 192.xxx.xxx.xxx IP i can surf with IE, nothing will be blocked.

 

For testing i delete this 2 routes and added 1.1.1.1 - 255.255.255.255 so all traffic in IE should be blocked? but here als i can surf with IE

It shows connection blocked but i can surf normal and open all sides who i dont have in cache and never surfed

 

 

Edited July 19, 2014 by decoder

[rugk 397]

That's strange, but you blocked only 1.1.1.9-... so some IP adresses (1.1.1.1 - 1.1.1.10) may be allowed. But of course it should also block quite all IP addresses.

 

So I tested to only allow 192.168.0.0 - 192.168.255.255. And it worked.

After this I tried to display a local IP and this worked.

 

And also the block of all IPs (1.1.1.1 - 255.255.255.255) worked:

 

But then I tried to test a workaround. I wanted to block all DNS servers (so you can only access the sites you know the IP) and for this I used the zone "DNS Servers".

 

But in this screenshot you can see that it doesn't work.

Edited July 20, 2014 by rugk

[Arakasi 549]

You cant block all dns servers

 

You need them to route traffic and resolve addresses to ip's

[rugk 397]

But if so what means the zone "DNS servers" in the settings?

[Arakasi 549]

Can you take a screen shot ?

 

Automatically generated trusted zone for DNS locally will almost always be your gateway and local subnet.

Local dns will be handled by your router so you can resolve other devices on your network, like printers and other computers.

While the external DNS you are using will be inputted into the router, or in your lan adapter, this address cannot be blocked or you won't have internet, lol.

When your subnet is added to the trusted zone, all traffic internally will usually be ignored by the firewall, its usually added as soon as you enable your adapter, obtain a connection, and get the ESET network popup asking for private or public.

 

However we are starting to get a little off topic.

I think Aryeh's response was pretty darn close to what the OP was asking for.

As soon as i get the chance to sit down and turn my brain on, i will try and see if i too can help the OP.

Edited July 20, 2014 by Arakasi

[rugk 397]

While the external DNS you are using will be inputted into the router, or in your lan adapter, this address cannot be blocked or you won't have internet, lol.

I think this is the intention of @decoder. He only want to have access to the LAN (with IE) and he want to block all other network connections.

Edited July 20, 2014 by rugk

[decoder 0]

i dont understand why this here is not working. i am connected with 192.168.1.27 and want block Internet Explorer access on: C:\Program Files\Internet Explorer\iexplore.exe

also tryed with chrome.exe same result.

 

should i reinstall ESET? What is the Problem?

 

[Arakasi 549]

What does your local and remote tabs look like ?

[Arakasi 549]

I am testing this on Endpoint, and it seems i am having difficulties as well.

[Arakasi 549]

Okay figured it out.

 

for 64bit you have to include C:\program files & C:\program files(x86)

 

Stupid. If one is blocked it uses the other.

Block both

[rugk 397]

Ok that explains it. In my test I used a 32bit OS and so it worked fine...

[Arakasi 549]

[decoder 0]

Have tryed this. Have now two rules for Internet explorer with this 2 folder:

C:\Program Files\Internet Explorer\iexplore.exe and C:\Program Files (x86)\Internet Explorer\iexplore.exe

 

i want to block internet access if my IP is 192.168.x.x

 

But i can surf with Internet explorer on web. also sides who are never surfed and 100% not in cache are opening

 

 

[SCR 195]

Okay figured it out.

 

for 64bit you have to include C:\program files & C:\program files(x86)

 

Stupid. If one is blocked it uses the other.

Block both

That explains the continued unwanted connections by IE.

Thanks for the resolution.

Edited July 24, 2014 by SCR

[Arakasi 549]

Yes, decoder just needs to follow Aryeh's instructions for both applications now and he should have his resolution too.

 

You are most welcome SCR

[decoder 0]

please see my last post and screens. habe tryed this with 2 rules and 2 blocked IE.exe 32 / 64 bit but always same. can surf normal with IE, nothing will be blocked. cache is clear