Firewall Policy with "Host Name" Bug

  1. CPU 32 bit (Celeron DUO T2400)
  2. XP Proff. Russian SP2 integrated
  3. СIS (Firewall & D+) 3.9…509 Russian , NOD32 2.70.39 Russian - antivirus
  4. incorrect work of Firewall Policy with “Host Name” inside

  5. Firewall = Safe Mode, D+ = Clean PC Mode

  6. Account with Admin. privil.

Steps to repeat “bug”

  1. Using Miranda with icq groupware protocol
  2. hostname of local server (inside Home LAN) is (not real, replaced)
  3. Creating Rule Allow UDP Out S:Any SP:Any D:hostname ( DP:4000
    Below another Rule: Block and Log Any IP S:Any D:Any

Global Rules - Empty

So we allowed outgoing UDP to port 4000 to and blocked anything else.
In Home LAN resolves as 10.151.х.х

Also is reacheble from Internet.
When I go to my work and connect to Internet, resolves as another IP (79.х.х.х).
So, however HostName in Rule still SAME, but in Logs I see Blocked!

After small analyze I discovered that:
During Rules saving COMODO resolves HOSTNAME to IP and in Registry we can see
Name = AND
AddrStart=IP (in my case 10.151.x.x)
AddrEnd=IP, (in my case same 10.151.x.x)

So Rule still works basing on IP, not HOSTNAME.

This BUG can be reprodused using any hostname, that can be accesible via different IP. (but only way in any time)

Any comments from developers? It is a huge Bug, because it totaly restrict usage of Hostname in Rules.

More than week passed since my last post in this topic. May be someone want to explain any future steps in resolving this bug?

It seems like screaming in desert.
No answer at all…

Hey, sorry no one has picked this up. To be honest, I’m not sure who uses ICQ outside or Russia these days.

Miranda works fine for me on Yahoo and MSN

It looks like the firewall rules (and firewall engine) are IP based so a GUI change to point out IP based rule enforcement could be a solution;msg303388#msg303388