Global Firewall Rules

One of the global rules is:
ALLOW IP Out From IP Any To IP Any Where Protocol Is Any

One of the good reasons to have a software firewall in addition to a hardware one (router) is the ability of the software firewall (well, a good one, unlike Windows Firewall) to block outgoing traffic in the event malware does somehow infect the machine.

It seems to me that the above-mentioned rule just opens the barn door and allows ANYTHING out.

Am I right and if so should I delete this rule?

Or am I seeing it wrong?

Thanks, Brain Trust

This rule doesn’t “open the barn door” if your firewall is in custom policy mode. In this case you are alerted each time an unknown executable (or an executable without appropriate rules in application rules) tries to connect.
It is because CFP for outgoing broadcast checks application rules before global rules.

But anyway this rule is redundant and you can safely delete it.