- CPU 32 bit (Celeron DUO T2400)
- XP Proff. Russian SP2 integrated
- СIS (Firewall & D+) 3.9…509 Russian , NOD32 2.70.39 Russian - antivirus
- incorrect work of Firewall Policy with “Host Name” inside
-
- Firewall = Safe Mode, D+ = Clean PC Mode
-
- Account with Admin. privil.
Steps to repeat “bug”
- Using Miranda with icq groupware protocol
- hostname of local server (inside Home LAN) is icq.xxx.com (not real, replaced)
- Creating Rule Allow UDP Out S:Any SP:Any D:hostname (icq.xxx.com) DP:4000
Below another Rule: Block and Log Any IP S:Any D:Any
Global Rules - Empty
So we allowed outgoing UDP to port 4000 to icq.xxx.com and blocked anything else.
In Home LAN icq.xxx.com resolves as 10.151.х.х
Also icq.xxx.com is reacheble from Internet.
When I go to my work and connect to Internet, icq.xxx.com resolves as another IP (79.х.х.х).
So, however HostName in Rule still SAME, but in Logs I see Blocked!
After small analyze I discovered that:
During Rules saving COMODO resolves HOSTNAME to IP and in Registry we can see
Name = icq.xxx.com AND
AddrStart=IP (in my case 10.151.x.x)
AddrEnd=IP, (in my case same 10.151.x.x)
So Rule still works basing on IP, not HOSTNAME.
This BUG can be reprodused using any hostname, that can be accesible via different IP. (but only way in any time)