Differences between ALLOW INCOMING single IP and ALLOW INCOMING trusted network

Hi all,

my CIS is configured as “Firewall” and global rules are: “Block ICMPv4 etc.”.

If in a app I ALLOW an INCOMING trusted network and somebody try to break the firewall it will immediately BLOCK it and ASK what to do.

If in a app I ALLOW a single/multiple IP (no trusted network) and somebody try to break the firewall will let allow INCOMING EVERYONE!!!

It is a bug? It is normal? Why?

Can you post a screenshot of your Global Rules? Your description of them is vague and has us guessing.


my global rules are the standard when you use CIS in “firewall mode” (that is my mode) and you can find them here:


Or here:

Thank you

Blocking ICMPv4 connections is not advisable.
The default rules were the basic needed for basic usability.
ICMPv4 (or ICMPv6) connections are not true security threats and are very much needed for internet maintenance
and usability.
For examples, the PING, TRACEROUTE, internet web server unreachable, and other IP protocols needed to establish network connection, local link name resolution, and much more, all are using ICMP.
These really should be used and allowed in the firewall.

I would like to see your Global Rules because you have added a trusted network. I would like to see so we are talking about the same.