No sense in application rules !?

Ok, another thread, because I really become crazy.

Can someone explain, what is the sense in “direction” in application rules !?

It seams to be impossible, to get Internet Explorer run, without using direction=BOTH (In/Out).

I tried with localhost (, with, as I read in this forum.

AND: This CANT be UNrequested traffic, as the network monitor rules block this ( or what) ??

Someone who can really clear this up. I really dont know anymore…

(using : ver

BTW: there are three types of pop-ups: 1:“trying to act as server”,2:“trying to connect to the internet” and 3:“trying to receive a connection”. For my decision on allow or not, is there a diff. in 1 and 3 ?

EDIT: Now, I deactivated “monitor dns queries”, and voila, IE + Co. don not need “IN” (act as server) anymore. BUT:
Brousing is more than 10 (!) times slower as with “act as server”.

Anyone knows why ??


your network rules might not be set up right. Go here for a tutorial:

Internet Explorer requires both in and out for the following reasons. OUT because you are making a request or sending data to the internet and IN because you are requesting information back from the internet for example if you search something in google you need to allow IN so that the information you requested comes back to you.

Also check to see if you have your LAN as Trusted.

Hope this helps!


Hi EricEgan,

I am new to CPF, therefore maybe I still need to learn how it works exactly. I moved to CPF from Kerios.

When I make a connection to google to retreive the google page, I am making an outbound connection - google will return the page on the same connection, therefore i am not really understanding why i should enable IN connections for iexplore…

p.s. I have actually configured a rule as follows:
allow iexplore to connect to ANY remote IPS, on port 80 using TCP OUT. This seems to work pretty fine. I have also disabled DNS checking as per the recommendations in another post.



I agree with creepy. NO inbount should be used !!

To creepy: I did the same, BUT IE is now slower 10 times than before.

But in whole:

I dont understand, why there can be a difference, if I allow “In” in application rules. Because the Network monitor rule should block all UNrequested traffic !???

Seems it has something to do with the sequence, in wich CPF is applying rules, BUT WHAT ?

Or maybe, “In” in application rules means only, that an app. is permitted to open a port for listening. If, NOT permitted, and on the same port comes a REQUESTED packed, then it’s skipped too !?

PLZ, can one of the “knowing” ones of you clear up this ?


You shouldn’t need to create any inbound rules for IE. If CPF uses SPI (which I’m sure it does), it should allow the connection back in (without you being prompted). You should only need two rules for IE. One that allows outbound access on port 80, 443, maybe some proxy ports and the other, a loopback rule (


for IE it works without loopback, but 10 times slower, as if I allow inbound UPD on port 10xx (eg 1052) . But, my god, the inbound traffic shouldn’t be there, because of the network monitor rules !?

I see, there must be an issue in the way CPF handles the “opening” of ports. I think, that if there is a rule for block inbound traffic, the port wont open (?). And then it cant be used for outbound.

AND: HAve you ever tried to create a loopback rule for INBOUND traffic ? No chance. Because the remote ip you specify there is in the moment of starting to listen not known !! So, only an “any” helps there. And then prevent inbound traffic you dint want with the Network monitor rules.

This is what I have discovered till now. Be sure, I spend hours. In an other post, I ask what exactly means “remote ip”, if the direction for a rule is BOTH. Then it is ???

There are many things to clear up. 4 of my programs are not running, because I dont want then to connect to the internet but they need TCP/IP.

Its really too bad, because I liked this piece of soft and the concept of having two layers of rules and other things. But it must be possible to get the basics to run. Today many progs use Client/Server communication internal, so loopback must be possibe to allow for an app. with ONE click !!! (But at a minimun it must be possibe)

Well, I’m still open to any help, maybe there is a real professor out there…



Your IE rules should look similar to the screenshot below:-

[attachment deleted by admin]

Ok, now I understand. Are you using the new beta ? right ?

I downloaded it, and now I have the same rules, and all is pretty good. No “act as server” pops…

I think Ver was buggy.

Yes, I’m using (beta).


Well, I must correct myself:

not buggy, but really bad its behavior. If I hadn’t upgrde to the beta, I think I had never found the solution to my problems…

THX for your help

i’ll check the beta also. Thanks

The really best is, that you now can have exact behavior for the popups, and with that (more important) the rule, that will be created, if you hit “allow”.

For me this was the best.