Network Monitor Question

Could someone please explain why network monitor rules have to be added manually whereas application rules can be created on-the-fly or added manually?

This is the way I see it, and please correct me if I'm wrong, but when traffic hits CFP it is first intercepted by network monitor. Network monitor knows of the address and port but not the listening application (if any). If a network monitor rule is created manually (allowing the port), then application monitor alerts the user to create a rule.

Has network monitor been set up this way so that we don't accidentally allow something that we shouldn't? I've also read something about the IP stack (or something similar) being protected this way before reaching the listening application. Would it not be possible to also prompt the user for network monitor rules? I can see this way of working being very confusing for users unfamiliar with firewalls/computers.
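As an added illustration (not from the original post, and not Comodo's code), here is a small Python model of the two-stage order described in the question: a network layer that sees only address and port and cannot identify the process, followed by an application layer that can. The rule tables, process names and packets are constructed.

```python
# Toy model of "network monitor first, application monitor second".
# Constructed example; rule formats and process names are assumptions.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Packet:
    dst_port: int
    remote_ip: str
    process: Optional[str]  # the network layer never looks at this field


# Network monitor rules: (action, remote network, port). First match wins.
# The network layer has no process information, so rules can only be
# written in terms of addresses and ports, and nothing here can be
# "learned" from a prompt about which application is involved.
NETWORK_RULES = [
    ("deny", "any", 445),            # block this port from everywhere
    ("allow", "192.168.1.0/24", 80),  # LAN clients may reach port 80
]

# Application monitor rules: process name -> decision.
# A process with no entry is where the user gets prompted.
APP_RULES = {"httpd": "allow", "oldtool": "deny"}


def network_decision(pkt: Packet) -> str:
    """Address/port check only; unmatched traffic is denied by default."""
    for action, net, port in NETWORK_RULES:
        if port != pkt.dst_port:
            continue
        if net == "any" or ip_address(pkt.remote_ip) in ip_network(net):
            return action
    return "deny"


def application_decision(pkt: Packet) -> str:
    """Process-aware check; unknown processes trigger a user prompt."""
    return APP_RULES.get(pkt.process or "", "prompt")


def filter_packet(pkt: Packet) -> str:
    """Run the two stages in order: a network deny never reaches stage two."""
    if network_decision(pkt) == "deny":
        return "dropped by network monitor"
    return "network allowed; application monitor: " + application_decision(pkt)
```

Traffic that fails the network stage is dropped before any application is consulted, which is why a network rule has to exist (and be written by hand) before the application prompt can ever appear.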