Page 1 of 1

Lan Protection

PostPosted: Mon Feb 06, 2017 9:37 pm
by broadband
My network is on the 10.10.2.0 IP segment; not 192.168.2.0. Can I safely delete the default LAN IPv4 zone rule and substitute my network address for it? Also what would be the IPv6 equivalent and what's the 24/32 appended to the end of the network segment. Would it change according to my subnet mask, i.e. 255.255.255.0 vs. 255.252.0.0? The reason I ask is that I still get blocks on my network when choosing LAN only or LANGame, especially with printers and servers. I end up having to make a custom rule for each private IP address. I'm using Network/Cloud version 8.1.0.16 without deploying my config to other PCs on the network

Re: Lan Protection

PostPosted: Tue Feb 07, 2017 10:39 am
by VistaFirewallControl
>My network is on the 10.10.2.0 IP segment; not 192.168.2.0. Can I safely delete the default LAN IPv4 zone rule and substitute my network address for it?

Settings/LANs is exactly for it.
It’s able to substitute all LAN* rules in all zones and applications with the new LAN* set.

>Also what would be the IPv6 equivalent and what's the 24/32 appended to the end of the network segment. Would it change according to my subnet mask, i.e. 255.255.255.0 vs. 255.252.0.0?

There are no direct equivalents for IPv4 mask in IPv6.
IPv6 is not a regular extension to IPv4.
Do you really have IPv6 local networking/routing?

>The reason I ask is that I still get blocks on my network when choosing LAN only or LANGame, especially with printers and servers.

LANOnly (and some other zones) are generated automatically on the program first launch and should reflect current network interface settings.
So LanOnly should include 10.10.2.0 with appropriate mask by default.
What was the initial LanOnly content?


>I end up having to make a custom rule for each private IP address.

Most probably Settings/LANs was able to help.

Re: Lan Protection

PostPosted: Wed Feb 08, 2017 1:26 am
by broadband
Ok. Then I guess my follow up question would be does the rank of the LANs in the settings dialog affect it's priority? Because my 10.10.2.0 segment was the last of the three LANs listed.

Re: Lan Protection

PostPosted: Wed Feb 08, 2017 8:31 am
by VistaFirewallControl
The rules in zone do have priority from top to bottom.
I.e. the bottom rules take higher priority.
However most probably prioritizing inside LANs makes no a practical sense as all the LANs are generally treated as safe equally.
You should take into account that a priority could be important if the rules “areas” intersect.
For instance if you have only by-LAN rules and the subranges do not intersect, the rules priority (sequence) may be arbitrary as every rule covers its own unique range.
The priorities importance arises when the subranges are intersecting or you have per-port and per-IP rules at the same time.

> my 10.10.2.0 segment was the last of the three LANs listed.

You can move rules up and down of required anytime

Need more comments? Welcome