Block all in coming and outgoing packets except from a single IP

[Zaheer Ahmed]

I have installed Kasper Internet Security and configured the firewall to allow incoming/outgoing connection from a single IP.  But it is not working, I cannot access the system from the IP which is allowed access.  Here are the screen shots of my configuration :

 

[andrew75]

@Zaheer Ahmed, make sure your network is selected as trusted in the firewall settings

[Zaheer Ahmed]

Thanks for a quick reply.  Network is already marked as trusted, but still same issue.

 

[andrew75]

@Zaheer Ahmed, describe the problem in more detail please.

By your rule you allow all incoming and outgoing packets from the address 192.168.1.51 to the address 192.168.1.51

[Zaheer Ahmed]

What I am trying to achieve is to block a computer from internal/external (LAN/Internet) network access.  I want to copy to/from files in a shared folder on this PC from another PC with a fixed IP address.  No other PC on LAN should be able to access this PC and similarly this PC should not be able to access any other PC on LAN.

I am using Windows 10 Pro.  And the PC with IP address 192.168.1.51 is not able to access this PC with above settings.

When I allow Any Network Activity in Firewall, then I am able to access the PC.  But in that case all other PCs also can access the files in shared folder.

[andrew75]

@Zaheer Ahmed you must create two rules on the computer with ip 192.168.1.14 and place them at the top of the list.

1.

 

2.

 

The 1st rule allows access from the address 192.168.1.51
The 2nd rule denies access from the local network.

[Zaheer Ahmed]

@Zaheer Ahmed you must create two rules on the computer with ip 192.168.1.14 and place them at the top of the list.

1.

 

2.

 

The 1st rule allows access from the address 192.168.1.51
The 2nd rule denies access from the local network.

 

After applying the above settings, I was able to access 192.168.1.14 from 192.168.1.51.
But now 192.168.1.14 is also accessible from other PCs on Network, e.g. I tried to access it from 192.168.1.53 and after giving credentials I was able to login and see shared folders.

[Zaheer Ahmed]

After applying the above settings, I was able to access 192.168.1.14 from 192.168.1.51.
But now 192.168.1.14 is also accessible from other PCs on Network, e.g. I tried to access it from 192.168.1.53 and after giving credentials I was able to login and see shared folders.

Here are screen shots of updated settings :

 

[Wesly.Zhang]

Hello,

In order to understand your requirement clearly. I draw a network topology. Please mark your actual requirment in this picture. Their IP address of the PC and which PC install the Kaspersky product. Which computer is the resource sharing and so on. This can help us.

 

[Zaheer Ahmed]

Hello,

In order to understand your requirement clearly. I draw a network topology. Please mark your actual requirment in this picture. Their IP address of the PC and which PC install the Kaspersky product. Which computer is the resource sharing and so on. This can help us.

 

Thanks for replying.

Here is the drawing of access I want.

 

[harlan4096]

I think this should be implemented without needing Kaspersky… just setting/giving password protecting network resources to all the network PCs… then give credentials (user/password) to access the shared folders only to those systems You want…

   

 

 

[Wesly.Zhang]

After applying the above settings, I was able to access 192.168.1.14 from 192.168.1.51.
But now 192.168.1.14 is also accessible from other PCs on Network, e.g. I tried to access it from 192.168.1.53 and after giving credentials I was able to login and see shared folders.

Here are screen shots of updated settings :

 

Hello, @Zaheer Ahmed 

I think the second screenshot you should set firewall rule as below:

 

It worked?

Regards.

[Zaheer Ahmed]

After applying the above settings, I was able to access 192.168.1.14 from 192.168.1.51.
But now 192.168.1.14 is also accessible from other PCs on Network, e.g. I tried to access it from 192.168.1.53 and after giving credentials I was able to login and see shared folders.

Here are screen shots of updated settings :

 

Hello, @Zaheer Ahmed 

I think the second screenshot you should set firewall rule as below:

 

It worked?

Regards.

No.  Applying these settings, I was unable to connect from 192.168.1.51 or from any other PC

[Zaheer Ahmed]

I think this should be implemented without needing Kaspersky… just setting/giving password protecting network resources to all the network PCs… then give credentials (user/password) to access the shared folders only to those systems You want…

   

 

 

Kaspersky firewall DOES provide this facility.   Isn’t it better to configure a single PC ?

[Wesly.Zhang]

Hello, @Zaheer Ahmed 

I create a test envirment. My Physical host machine IP address is 192.168.1.7. MY VM machine IP address is 192.168.1.9. The all in one same network segment and the router LAN IP is 192.168.1.1.

I install KIS 2021 beta in VM machine (192.168.1.9). I am now testing this build. So I can not install KIS 2020, But I think the firewall behavior is the same.

I creat two rules in packet filter rules and modify the rules sequence as below:

Then using Physical host machine “Ping 192.168.1.9”. The result is as below: It is OK.

And then using VM machine “Ping 192.168.1.7”. The result is as below: It is OK to 192.168.1.7 and block to access 192.168.1.8. The behavior is as expect.

Do you also have this behavior? Please reply the result from you.

[Zaheer Ahmed]

Hello, @Zaheer Ahmed 

I create a test envirment. My Physical host machine IP address is 192.168.1.7. MY VM machine IP address is 192.168.1.9. The all in one same network segment and the router LAN IP is 192.168.1.1.

I install KIS 2021 beta in VM machine (192.168.1.9). I am now testing this build. So I can not install KIS 2020, But I think the firewall behavior is the same.

I creat two rules in packet filter rules and modify the rules sequence as below:

Then using Physical host machine “Ping 192.168.1.9”. The result is as below: It is OK.

And then using VM machine “Ping 192.168.1.7”. The result is as below: It is OK to 192.168.1.7 and block to access 192.168.1.8. The behavior is as expect.

Do you also have this behavior? Please reply the result from you.

Thanks alot.  Yes its working now.  I think I was missing the sequence.  2 & 3 were after 4 in my settings.