BUG: crl.entrust.net disables firewall completely!


I absolutely loved Comodo Firewall until it started to drive me crazy.

What I have it set up is a netbook that is allowed to access a single website only.
I deleted all the pre-set rules, set a “deny everything” rule as lowest priority, allowed TCP/UDP to port 53 (to enable DNS) and allowed access to the website using hostname.

It all worked perfectly up to the moment when I switched to https. To be able to use https the browser has to validate the certificate. I use Entrust, so I have to let the computer access these hosts:

It seems like if I allow access to crl.entrust.net or aia.entrust.net, CFW simply allows access to everything else as well! If I select IP, I can ping every other host.

I’ve been trying for ages, and I think it’s simply a bug. It doesn’t happen with ocsp.entrust.net. And I haven’t managed to find any other hosts that work in a similar way. I thought it was because the hosts use CNAME, but no. I thought it was because of the CDN or the round robin in the domain records, but no… google.com works the same way but it does not give the same error.
Both the crl and aia hosts resolve to cdn.entrust.net.c.footprint.net. If I allow connections to this address, I get the same issue.

Why is it doing this to me? Any ideas for a workaround?
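To show what the ruleset described in this post should do when hostname rules are evaluated correctly, here is an added example (not code from this thread or from Comodo): a small first-match policy evaluator in which a hostname rule expands to the addresses the name resolves to, following the CNAME chain. The DNS table is constructed with sample addresses from documentation ranges, not real records.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed resolver table standing in for live DNS answers. The CNAME
# target mirrors the one named in the post; the addresses are sample values.
CONSTRUCTED_DNS = {
    "crl.entrust.net": ("CNAME", "cdn.entrust.net.c.footprint.net"),
    "aia.entrust.net": ("CNAME", "cdn.entrust.net.c.footprint.net"),
    "cdn.entrust.net.c.footprint.net": ("A", ["192.0.2.10", "192.0.2.11"]),
    "ocsp.entrust.net": ("A", ["198.51.100.5"]),
}

def resolve(name: str, table=CONSTRUCTED_DNS, depth: int = 0) -> Set[str]:
    """Follow CNAMEs to the final A records; cap depth so a loop cannot hang."""
    if depth > 8 or name not in table:
        return set()
    rtype, value = table[name]
    if rtype == "CNAME":
        return resolve(value, table, depth + 1)
    return set(value)

@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    proto: str = "any"           # "tcp", "udp" or "any"
    port: Optional[int] = None   # destination port, None matches any port
    host: Optional[str] = None   # hostname, matched against its resolved IPs

def evaluate(rules: List[Rule], proto: str, dst_ip: str,
             dst_port: Optional[int], table=CONSTRUCTED_DNS) -> str:
    """First matching rule wins; rules are listed highest priority first.
    A hostname rule matches only addresses the name currently resolves to,
    so traffic to any other address falls through to the final deny."""
    for r in rules:
        if r.proto != "any" and r.proto != proto:
            continue
        if r.port is not None and r.port != dst_port:
            continue
        if r.host is not None and dst_ip not in resolve(r.host, table):
            continue
        return r.action
    return "deny"  # implicit default if no rule matched at all

# The ruleset the post describes: DNS allowed, one host allowed, deny-all last.
POLICY = [
    Rule("allow", "tcp", 53),
    Rule("allow", "udp", 53),
    Rule("allow", host="crl.entrust.net"),
    Rule("deny"),
]
```

Comparing `resolve()` output for a hostname rule against what the firewall actually lets through is a quick way to confirm whether the rule is being applied to the resolved set or to something far wider.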


Be very patient or look for a firewall which can handle host name based rules correctly. I reported this behavior over half a year ago.