Allow App to Access certain IP results in Allow All Rule


When the firewall is in Custom Mode I get a popup for an application which wants to access e.g. I want to give the app the access rights only to this IP (or any other IP it requests).
But when I allow the access this will result in an Allow All rule. Is this the desired behaviour of CFP? This seems to be strange as it gives no real control over the access rights. If this is indeed the desired behaviour, what is the difference to a Trusted Application? Is there a possibility to change this without manually defining a rule for every program?