So, yeah. I’ve been trying to use the COMODO Firewall from CIS 12.2 to block a particular process from accessing a certain domain. I did so by setting the firewall to custom ruleset, disabling any rule auto-creation, enabling alerts and adding an app >>block TCP out<< rule for the domain “login.live.com”. I had a number of rules for different IP addresses that this domain resolved to, so I wanted to replace them with a single domain rule. I did so while adding a new rule by using the destination dropdown box and choosing “Host Name” from the type list while entering “login.live.com” into the textbox. I know, I know… the image below is an example from the COMODO help website and it shows the dropdown menu for the source address. I did it in the destination address instead.
Anyway, the thing is, after deleting all existing IP address rules for the domain “login.live.com”, I am still getting outgoing traffic alerts for the given domain's IP addresses. It seems like the host name rule is ignored. I’ve searched the forum and I’ve seen people have similar problems with earlier versions of CIS (i.e. CIS6), so I was wondering what’s up with this feature. Am I doing something wrong or is it still broken? The reason I wanted to use a hostname block is because some IPs may be dynamic. Using a host name would allow me to avoid having to manually add new IPs each time they change and inadvertently blocking some defunct IPs. The domain login.live.com is only an example in this case; there are other domains that I wished to block, and the connections do not necessarily use ports 443 or 80 (meaning all ports have to be blocked, meaning website filtering isn’t an option here).
These are my current collected IP addresses for the domain “login.live.com” (this is likely not a full list, it's only what I have seen in the firewall):
40.90.22.184 to 40.90.22.192
40.90.23.63, 40.90.23.68, 40.90.23.153, 40.90.23.154, 40.90.23.206, 40.90.23.208, 40.90.23.247
40.90.137.120, 40.90.137.124 to 40.90.137.127
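
An added example, not part of the original post: one way to check whether the addresses a host name currently resolves to are already covered by per-IP block rules like the ones listed above, so that gaps show up before the firewall alerts on them. The function names and the sample addresses are assumptions made for this illustration; the rule list is copied from the post.

```python
import ipaddress
import socket

# Per-IP rules as listed in the post: (first, last) ranges or single addresses.
RULES = [
    ("40.90.22.184", "40.90.22.192"),
    ("40.90.23.63",), ("40.90.23.68",), ("40.90.23.153",), ("40.90.23.154",),
    ("40.90.23.206",), ("40.90.23.208",), ("40.90.23.247",),
    ("40.90.137.120",),
    ("40.90.137.124", "40.90.137.127"),
]


def build_networks(rules):
    """Turn each rule into the smallest set of CIDR blocks that covers it."""
    nets = []
    for rule in rules:
        first = ipaddress.ip_address(rule[0])
        last = ipaddress.ip_address(rule[-1])  # same as first for single IPs
        nets.extend(ipaddress.summarize_address_range(first, last))
    return nets


def uncovered(addresses, nets):
    """Return the addresses that no existing rule matches, sorted numerically."""
    missing = set()
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in nets):
            missing.add(addr)
    return sorted(missing, key=ipaddress.ip_address)


def resolve_ipv4(host):
    """Live lookup: the IPv4 addresses the local resolver returns right now."""
    infos = socket.getaddrinfo(host, None, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos}, key=ipaddress.ip_address)


if __name__ == "__main__":
    nets = build_networks(RULES)
    # Constructed sample of "resolved" addresses so the script runs offline;
    # replace with resolve_ipv4("login.live.com") for a live check.
    sample = ["40.90.22.190", "40.90.137.121", "192.0.2.10"]
    print("not covered by any rule:", uncovered(sample, nets))
```

Run on a schedule with the live lookup, a non-empty result means the rule list has fallen behind what DNS is handing out.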