Firewall content blocker

Does the firewall have some sort of content blocker for blocking web addresses?

If not, can it be implemented? Preferably something that:

a. supports multiple wildcards (the asterisk in particular) such as
b. supports subscribing to multiple blocklists, such as the ones available from as well as separate, self-defined blocklists, where you would insert your own rules.
c. supports redirection, for example, redirect http://* to https://*

It is possible in principle but CIS is not really equipped for it.

It’s better to use a dedicated solution like Ad Block Plus, K9 and others.

Ad Block Plus is browser-specific. I use many browsers. I would like something that blanket-covers everything.

Download page
“K9 Web Protection License Request”

Nope, this doesn’t sit with me. Besides, how do I install it on clients’ computers if I have to register for each client? I can’t go registering with the clients’ email addresses.

So. Would it be possible for Comodo Firewall to have this implemented?

You can block sites manually by going to Firewall → Network Security Policy → Blocked Zones, then click Add and select A New Blocked Address.

Note that you can block by host name, but sometimes that doesn’t work very well. Using the IP address of the site you wish to block tends to work better.

I don’t see those options anywhere.

Hi AE_Sec,
It appears that you do not have the firewall component installed.
Please see the following instructions and tick both AV and Firewall if you want both.
Switching Between Complete CIS Suite and Individual Components (just AV or FW)

[attachment deleted by admin]

I already installed the firewall. In fact I installed it before the antivirus.

This is kinda ridiculous. How do I now enable the Firewall without installing something again?

If you installed the standalone AV after the standalone firewall, it won’t add the AV to the firewall, it will install the standalone AV instead of the standalone firewall.

The link that Captainsticks provided tells you how you can add the firewall to your standalone AV installation.

This is absurd behavior and they should change it, but okay…

The reason I didn’t give Captainsticks’ link more than a glance is because it is 5 pages long. That is a severe case of TLDR. Turns out I only needed the one line, not all 5 pages:

“Click Start > All Programs > COMODO > COMODO Internet Security > Add and Remove Components”

Alright back to this point. Blocking via the IP address is completely impractical, so that’s out. Blocking by host is also impractical. If I wanted to do that I could just use the Windows hosts file. The reason I don’t want to block on a hosts basis is because sometimes I don’t want to block an entire domain, I only want to block certain aspects of that domain. This is why I asked at the beginning if it supports multiple wildcards. The other functions, blocklist subscriptions (like in adblock plus) and URL redirection capabilities are also things that would be hugely desired by many people.

Since these three functions don’t exist, is there somewhere I can contact the Firewall Developers to ask if they can be implemented?

One more thing. When I enabled the Comodo firewall, Windows’ firewall was automatically disabled. I have re-enabled it. Will having both enabled cause problems?

Use the browser that works like you wish. I never got the idea to involve another company into that.

You can safely disable the windows firewall, as long as you have another one running.
Something blocked is blocked. It does not have to be blocked twice.

You can make a post in the Wishlist - CIS forum.

Having two software firewalls running at the same time isn’t recommended.

What? That phrase doesn’t make much sense.

Thanks, will do.

I’ll keep both Firewalls enabled until something goes wrong. So far so good.

When i use a browser, i use one that fits my needs. I would not ask the producer of a firewall to solve my browsers lacks.

Now, that doesnt make sense on the other hand :wink:

We don’t recommend two firewalls (or AV’s, or behaviour blockers or HIPS programs) at the same time. It is a well known source of compatibility issues and should therefor be avoided.

Sorry you feel as if it was overkill, I just thought the link to the appropriate section of the help file was best to explain the situation.
IMO to much info is better that to little. :wink:

I use multiple browsers. I also do IT support for people who use ■■■■ browsers (such as IE) and instead of jumping through hoops to keep up to date on content blocking with multiple browsers, a firewall solution is a better way of blocking for all. I personally don’t want to touch IE with a 10 meter pole, even for testing it, so a firewall solution would be much better.

What makes no sense is a firewall that doesn’t have URL blocking capabilities (and one that supports wildcards too!) - to me, URL blocking is half the purpose of a firewall. Why even call it a firewall if it can’t do that?

It has been working fine, so I don’t see a problem. If Comodo’s firewall misses something, Window’s firewall should block what it misses.

As has already been mentioned, you can block sites with the firewall…

That’s not quite how firewalls work.

Even Microsoft recommends turning off the Windows firewall if you are going to be running another software firewall.

The problem with two firewalls is: How do you know if there’s a problem? Sure, you tell if your computer is crashing, but if there is confusion between the two firewalls and packets are being let through unfiltered, how are you going to know?

You can block domains, which I already explained is useless, as you get the same function via the hosts file anyway. There is no wildcard support, which means you don’t have much control at all over sites that are blocked.

I don’t see how packets would be let through unfiltered just because a second firewall is running. If anything, I would expect more packets to be filtered, not less.

I’m behind router firewalls and NAT anyway, so for me, at least, this isn’t a huge issue.

CIS is not very suitable to uses for content filtering.I would suggest to add Open DNS Family Shield DNS servers to your customer’s routers as an alternative.

I don’t want to block ordinary content (which the Open DNS Family Shield will do), I want to block malicious content and ads. I want full control over what is blocked, not have some 3rd party DNS service deciding.

CIS is not very suitable, yet. I’m hoping that will change.