[escalated] Firewall Adapter Zones

Hi


The LAN I connect to is not very trustworthy, as multiple people use it. So I would like to deny a number of local IP addresses or, preferably, MAC addresses.


I was experimenting with the firewall adapter zone options. I thought I would test the deny functionality by setting the IP address of my computer and network router to deny. I was expecting this would prevent my computer from accessing the internet (as it needs to connect to the router to be able to reach the internet). Unfortunately, internet access was not prevented.


Is this intended behavior, or a bug?

Comments

  • Unknown
    edited September 2011

    Hello,


    Thank you for your post! I have escalated the bug to the Dev. Team. I have also created a ticket on your behalf with ID: 201109091045393. Please send me the requested log files via email.


    I will send you updates via email as soon as I have them and as soon as the testing is completed.


    I have noticed that the zones are working in terms of blocking file sharing and ping requests from the host PC (the PC with BitDefender) and the remote PC (the one you wish to block).


    You can add the IP in the Zones including the netmask for maximum restriction (to include the entire subnet mask of that IP), meaning you add the IP in the form 192.168.1.1/16 instead of the regular IP (192.168.1.1).

  • Hello,


    When we Deny access to an IP in the Network Zones tab, BitDefender does not block all communication protocols, as I previously thought. It only blocks traffic at the IP level, not at the ARP level, which is below the IP in the network stack. BitDefender drivers monitor the ARP traffic, but ARP requests are not blocked.


    So, when we try to block ONLY the network gateway (i.e. 10.10.0.1), ARP requests still go through and those requests can obtain the gateway's MAC address. Having this MAC address, an IP packet can be created and can successfully achieve a TCP/IP 3-way handshake (i.e. establish a valid connection to a web site).


    In order to answer your request, it is necessary to add to the Network Zones not only the gateway IP, but also the IPs of the DNS server or servers (if there is more than one). You can get this info from the ipconfig /all command in a command prompt window and copy it from the network adapter details.


    As a rule:


    - if the gateway IP is different from the DNS IPs, they must ALL be added to the Network Zones in order to block Internet traffic on that PC;


    - if the gateway's IP is the same as the DNS, it is obviously enough to add this one IP to be able to block Internet access on that specific PC;


    Hope this clarifies things for you. If you have any further queries, don't hesitate to contact us anytime!


    Kind regards,
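As an added example (my own code, not BitDefender's and not posted by anyone in this thread), the following Python script applies the rule from the reply above to a constructed `ipconfig /all` excerpt: it parses an adapter's default gateway and its possibly multi-line DNS server list, then returns the deduplicated set of IPv4 addresses that would each need a Deny entry in Network Zones. The adapter name and the 10.10.0.57/10.10.0.2 addresses are made up; 10.10.0.1 is the gateway from the reply.

```python
import re
from ipaddress import ip_address

# Constructed `ipconfig /all` excerpt (not captured from a real host).
SAMPLE_IPCONFIG = """
Windows IP Configuration
   Host Name . . . . . . . . . . . . : WORKSTATION
Ethernet adapter Local Area Connection:
   IPv4 Address. . . . . . . . . . . : 10.10.0.57(Preferred)
   Default Gateway . . . . . . . . . : 10.10.0.1
   DNS Servers . . . . . . . . . . . : 10.10.0.1
                                       10.10.0.2
"""

# "   Key . . . : value" rows; extra DNS servers continue on rows with no " :".
KEY_RE = re.compile(r"^\s+(\S.*?)[ .]* :\s*(.*)$")

def parse_ipconfig(text):
    # Returns {adapter_name: {key: [values...]}} for each adapter section.
    adapters, current, last_key = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" ") and line.endswith(":"):  # adapter header
            current, last_key = line[:-1], None
            adapters[current] = {}
            continue
        if current is None:  # global "Windows IP Configuration" block
            continue
        m = KEY_RE.match(line)
        if m:
            last_key, value = m.group(1).strip(), m.group(2).strip()
            adapters[current][last_key] = [value] if value else []
        elif last_key:
            adapters[current][last_key].append(line.strip())
    return adapters

def zone_deny_list(adapters, adapter):
    # The rule from the thread: deny the default gateway plus every DNS
    # server; when the gateway doubles as DNS this collapses to one entry.
    seen = []
    for key in ("Default Gateway", "DNS Servers"):
        for raw in adapters.get(adapter, {}).get(key, []):
            try:
                ip = ip_address(raw.split("(")[0])  # drop "(Preferred)" suffix
            except ValueError:
                continue
            if ip.version == 4 and str(ip) not in seen:
                seen.append(str(ip))
    return seen
```

Running `zone_deny_list(parse_ipconfig(SAMPLE_IPCONFIG), "Ethernet adapter Local Area Connection")` on the sample yields the two addresses to deny, with the gateway listed once even though it is also the first DNS server.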