Allowing a host (with multiple IPs) allows all hosts/IPs

Hi

So, here’s my stone to the firewall host rules bug reporting:

I want to block all mIRC connections (=Block IP In/Out From IP Any To IP Any Where Protocol Is Any) except irc.freenode.net (and some others) (=Allow TCP Out From IP Any To irc.freenode.net Where Source Port Is Any And Destination Is Any)

It seems to me that this rule worked when it was created, but now it allows every connection. :-\

So I have run some tests:

The same problem occurs if irc.quakenet.org is allowed. But with irc.deviantart.com or che.indymedia.org it’s working properly.

And after an nslookup I have found that the difference between these DNS names is that they are linked to one or multiple IPs.

(If I replace the host by IPs, the rule is working properly)

My config:
A router + Windows 7 + Kaspersky Internet Security (but the network options and the NDIS 6 Filter are disabled) + Comodo Firewall 3.13.125662.579

Can you confirm the same thing happens with Kaspersky disabled? Please try this. For all I know a program update of Kaspersky may have changed things.

Confirmed, same behavior with Kaspersky disabled (but not uninstalled).

Try creating a ‘Predefined Firewall’ policy with that rule and directly add mIRC to that.

Basically you’d want to DNS the host…
/dns freenode.net … you’ll get something like:

[%] resolved [irc.freenode.net] to (216.155.130.130)
[%] resolved [irc.freenode.net] to (140.211.166.3)
[%] resolved [irc.freenode.net] to (213.92.8.4)
[%] resolved [irc.freenode.net] to (130.237.188.200)
[%] resolved [irc.freenode.net] to (130.239.18.172)
[%] resolved [irc.freenode.net] to (140.211.166.4)
[%] resolved [irc.freenode.net] to (207.182.240.74)

Allow those as predefined IPs to ANY and ANY at TCP, although you would only need the SSL port + 6665-6670 as destination ports, and a second rule of: Block, TCP and UDP, ANY ANY ANY ANY.

The ‘hostname’ works like 1/10 with Comodo and even the firewall is so ■■■■ picky that crypted drives or removable program locations are totally ignored by support. However, even the hostname might work on predefined seems it does something differently than the regular rule set.

2 cents
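
The workaround from the last post, as an added example that is not part of the original thread and is not Comodo's own rule syntax: it parses the quoted /dns output, builds one allow rule per resolved IP followed by the catch-all block, and checks that anything outside the list is denied. The function names and the tuple rule format are assumptions made for illustration; only ports 6665-6670 are used because the thread does not give the SSL port number.

```python
import ipaddress
import re

# Constructed sample: the /dns output quoted in the thread.
DNS_OUTPUT = """\
[%] resolved [irc.freenode.net] to (216.155.130.130)
[%] resolved [irc.freenode.net] to (140.211.166.3)
[%] resolved [irc.freenode.net] to (213.92.8.4)
[%] resolved [irc.freenode.net] to (130.237.188.200)
[%] resolved [irc.freenode.net] to (130.239.18.172)
[%] resolved [irc.freenode.net] to (140.211.166.4)
[%] resolved [irc.freenode.net] to (207.182.240.74)
"""
RESOLVED = re.compile(r"resolved \[([^\]]+)\] to \(([^)]+)\)")

def parse_dns_output(text, host):
    """Return the unique, valid IPs the output lists for `host`."""
    ips = []
    for name, addr in RESOLVED.findall(text):
        if name.lower() != host.lower():
            continue
        try:
            ip = ipaddress.ip_address(addr.strip())
        except ValueError:
            continue  # not a literal IP address: never turn it into a rule
        if ip not in ips:
            ips.append(ip)
    return ips

def build_rules(ips, ports=range(6665, 6671)):
    """One allow rule per resolved IP, then the catch-all block (None = ANY)."""
    return [("allow", "tcp", ip, ports) for ip in ips] + [("block", "any", None, None)]

def decide(rules, proto, dst_ip, dst_port):
    """First matching rule wins, as in an ordered firewall rule list."""
    dst = ipaddress.ip_address(dst_ip)
    for action, r_proto, r_ip, r_ports in rules:
        if r_proto not in ("any", proto):
            continue
        if r_ip is not None and r_ip != dst:
            continue
        if r_ports is not None and dst_port not in r_ports:
            continue
        return action
    return "block"  # default deny if no rule matched

if __name__ == "__main__":
    rules = build_rules(parse_dns_output(DNS_OUTPUT, "irc.freenode.net"))
    # 192.0.2.10 is a documentation address standing in for "any other host".
    for ip, port in [("213.92.8.4", 6667), ("213.92.8.4", 80), ("192.0.2.10", 6667)]:
        print(ip, port, decide(rules, "tcp", ip, port))
```

Because a multi-IP hostname is a pool whose members change over time, the list has to be regenerated from a fresh lookup whenever connections to the allowed server start being blocked.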