Browser policy question

I am using Firefox and wondering which is the better network policy setting:custom policy or the predefined web browser policy?

Depends on your likings. Browser policy will do the job 99,9% of the time.

My browser Network Security policy is as follows:

Allow TCP out from 0.0.0.0 to 127.0.0.1 src port ANY to dest port in [80 / 443]
Allow UDP out from NIC to DNS src port ANY to dest port 53
Allow TCP out from NIC to ANY src port ANY to dest port [80 / 443]
Allow TCP out from NIC to in [WEBCS.yahoo] src port ANY to dest port [5050 / 843]
Ask & log Any any from any to any src port any dest port any

FWIW, the WEBCS.yahoo rule is for web-mail in-browser when logged into myYahoo account.

Your browser rule looks good.

It is in line with the predefined browser policy. Of the latter you left out the two FTP rules, added a custom rule for Yahoo and changed the block and log all rule to Ask and log all rule. Well done. :-TU

I don’t do FTP with the browser, I have a client (FTP Voyager) that handles that.

The last rule is default for EVERY app. That’s how I found out about the WEBCS.yahoo zone. The logging is very useful for maintaining zones. That way I can grant access and do what I need to immediately and catch up on the maintenance of zones / rules later.