I have the impression that a rule : Action = Block, Direction = Out, Source address/Destination address/Source port = Any, Destination port = xxxx does not work when a process attempts a connection with a Source port = xxxx and Destination port = xxxx.
When I modify the rule with Direction = In or Out it seems that it works right.
Thank you for your return.
how I see this problem:
I disable “Log as firewall event if this rule is fired”
and nevertheless, there is one firewall event in the firewall logs
I had the same issue with 3 other global rules when a process attempts a connection to internet with Source port = Destination port.
I didn’t move the rule I just changed the direction from “Out” to “In or Out”.
After this update the rule works right (with “Log as firewall event if this rule is fired” disabled there are no more firewall events in the firewall logs)
First why are you using global rules for outgoing connection requests? The global rules are mainly used for incoming connections. The process was receiving a connection and not creating an outgoing connection, which made the rule work as you changed the direction for the rule. And I tested this with a block rule for destination port 80, and I was not able to connect when both the source and destination port of the outgoing connection were both set to port 80.
So again the rule was not created correctly, the rule is not above the allow outgoing rule, or the process was not connecting out on that port but receiving a connection request.