I’ve got a program.exe requesting outbound connection to the wild.
I’ve increased the ‘‘alert frequency’’ of the Firewall to level four (that is, instead of balloon-alerting only once for the outbound connection, it actually asks for both the source port and the protocol).
Okay, so program.exe is runned and requests outbound to [IP] on TCP protocol for port 4460, and I accept with the ‘‘remember my answer’’ switch ticked.
When I take a look in my application rules, under program.exe it showed:
Always allow TCP out, to any IP, from any source port and to destination port 4460.
I had expected the rule to be:
Always allow TCP out, to any IP, from source port 4460 and to any destination port… because I don’t care which is the destination port of the machine which is getting the connection, but I do care about my program.exe being allowed to initiate outbound connections from other source ports than 4460!
Have I just found a serious bug, or is my reasoning just wrong?