Global vs Application rules

Global Rule: “Allow IP IN/OUT from IN [LAN] to In [LAN] Where Protocol Is ANY”

Isn’t that allowing anything from defined LAN ips to my computer ? How come port 445 request is not processed from an ip in LAN because i have set System not to get anything from any ip ?

If something matches a global, it shouldnt look to application rules right ?

I simply want “System” not to get anything from internet but everything from LAN.

For something to work correctly it requires both global and application rules.

Outside —> global rule —> application rule —> connection
Connection —> application rule —> global rule — outside

Both have to allow or it won’t happen

You will need to create an “Application Rule” for “System” or alternatively use the “Stealth Ports Wizard” to trust the LAN IP`s and it will create application rules for system and global rules.


Could someone explain this a little deeper if possible? I’m currently very confused because I constantly setup my application rules only for them to be ignored completely with the firewall only following global rules.

For example, I’m trying to open a port for Soulseek. Since I’ve grown not to like selecting “allow all” access all the time, I wanted to set the rules for the application specifically so that ONLY the ports and IP’s utilized would be allowed and not just everything under the sun. I’m however running into to trouble because there’s a global rule for “Block and log IP in from IP any to IP any where protocol is any.” It’s overpowering the application rule and effectively blocking all ports that I know I configured open for the program under application rules.

Basically you need to set up a Global rule which allows traffic past to the port/s for which it is required. Global rules are read top down.

For example say you have program A which needs to accept connections on a certain port (TCP-5555 for example). You set up your application rule for Program A so that you have a rule:-

Allow TCP IN (your description) Source Address=Any(you can set the IP/Range if you wan`t/know them)/Destination Address=Your IP/Source Port=Any/Destination Port=5555

This rule will allow the program to accept connection on port 5555

But this doesn`t take into account the fact that when receiving a connection from another computer Global Rules is the first thing that is hit. Therefore you must also make a Global Rule allowing traffic to pass to port 5555 which Program A is set up to receive connections on.

Therefore you must make a Global rule the same as the rule above and place it above any Block rule.

So we should end up with Program A receiving a request from another computer. The other computer sends the data to port 5555, the Global rules are read top down, okay the top rule says Allow TCP through if it`s destined for Port 5555 so the data is allowed to pass.
Now Program A which is listening on port 5555 recieves the data and acts accordingly.

Hope this helps a tad,

To me the purpose of the Global Rules seemed to be to allow/deny a network connection for all applications, so that you don’t have to set it for each app.

For example setting this rule:

… could avoid setting the same rule for several applications, for example Voddler:

Unfortunately it doesn’t work that way for outgoing traffic and I cannot bypass setting the rule for each app :frowning:

Global rules are for incoming blocks or allow only.

If you want to set a outgoing block or allow use a all applications rule to block or allow.

Application rules / Add / Select / File Groups / All Applications


I think I found the solution: setting a rule for all applications. How to do it is pretty hidden I must say. On the “Application Rules” tab click on “Add”, and then: