allow local - internet ask


I thought I had it but was wrong.

I want a ‘predefined policy’ that allows all homenet traffic but (blocks) has to ask for any outside connection.

My problem is that I think it is necessary to embrace into the allow part all the traffic directed at localhost to avoid some problems some apps might have and to minimize popups.
More to the point, I have a proxy running or TOR that goes out via port 9050. So all the apps I thought would stay in-house, so to speak, went happily outside via the port 9050 at localhost…

Can you help to set up a rule? I thought in the target port settings ‘except’ port 9050 would be the solution but I was wrong. So I do not know how…