One of the guys at work was having trouble getting his head around the source/remote conditional direction thing in CPF and the only way I could get it through to him was to substitute the word “From” for “Source” and “To” for destination. It immediately clicked and the final penny fell into place when I substituted “Me” for the relevant "Any"s.
Using this, real noobs (and I mean banjo playing type REAL noobs!!) got it straight away. Maybe this terminology may be better.
allows only incoming connections that are initiated by your machine.
If you send to print multiple pages, the first one will print just fine. But then the server will probably initiate a new incoming connection for informing your pc that has finished and can send him the second page. This probably will be blocked, since will be an incoming request with source your zone and destination your pc. And this is not covered by the rule:
In,my,zone,any
Wouldn’t the original print request be allowed by the first rule (allow, out, from me, to zone, any - where I am sending outbound an IP packet of some sort from my IP to another IP within the defined zone) and the subsequent request from the printer be covered by the second rule (allow, in, FROM ZONE, TO ME, any - where an IP address on the defined zone is sending some sort of IP packet to me)?
Even just having the [Me] replacements helps the understanding.
I’ve always set my printers to spool, then print… is this why i would have never seen this type of problem? My PC would send the whole print job… and if anything was to come back, it would be to say the job was done… but I’m thinking that my spooler connected to the spooler of the print server would be taking care of that info routing… and not a “secondary” communication from the server.