Unfortunately it’s not a bug, it’s just doing what it’s supposed to. The alert is not about port 21, its about the application attempting to access port 21. The BLOCK applies to the application, not to the port. The need for application based security is increased if you are using a tabbed browser. How would we differentiate between an allowed port 21 access for one tab and a blocked port 21 access for another, as both requests are coming from the one instance of the browser?
Imagine you were using another application that was transferring data via FTP (port 21) while you were telling CFP to BLOCK port 21 for Firefox. If the port was blocked, the FTP transfer would fail. Also, port 21 CAN be valid within a browser, as some downloads are configured to use HTTP (port 80) and others are set to use FTP (port 21).
I can’t think of a way to achieve what you want, other than creating custom network monitor rules blocking port 21 for specific IP addresses, but this would only apply to the IP addresses in the rules.
I guess a feature request for Comodo would be that the message box in Comodo would have options, like: block application entirely, block port X for this application, block application for this ip address and block port X for this application for this ip address.
I agree that it is impossible to have 1 tab in Firefox allowed for port 21, and 1 disallowed, unless you block the port for specific ip addresses.