Firewall rules from alerts

I had an alert saying System was trying to accept incomint connection to TCP port 139, I don’t want incoming connections to this port, so I clicked more selected block this request and remember this setting.

Then I go to …umm… where program rules are and under System I see "Block and log IP incoming from MAC any to MAC any protocol any " how come? I thought I asked the firewall to block incoming TCP port 139 for system proccess not everything…

In D+ alerts if you press more then select Deny this request and remember setting it blocks only this request (hook for example) not everything (as in if you dont press more)

I haven’t found anything in Firewall FAQ about this.

and second question when manually setting rules for firewalls what’s the IP protocol for? I understand TCP UDP and ICMP but what’s IP for?

For more fine tuned firewalls you need to up the firewall Alert Settings.

Thank you, setting alert setting to high seems to fix that problem.

However now it creates rules per direction (incoming \ outgoing) and port number even if I don’t cleck on more…

I Mean shouldn’t it work this way? (Alert setting on high) for example program asks outgoing TCP 80 connection if I want this program to have outgoing TCP connections (any port) I just check remember setting and click allow. Now if I want this program to have outgoing TCP connection on port 80 only (ask about others) I click more check Accept this request and remeber setting and click ok. Shouldn’t it work that way? if not why the heck is “more” buton there to begin with?

There is definitely room for improvement in the UI of the firewall. There is a topic with suggestios for possible changes in the UI in the wishlist board: CIS Charrette - Firewall Alert.