Nothing goes by...

How to setup CIS firewall so it doesn`t let anything on the internet without asking for permission first?

I tried following and failed:
Firewall - custom policy
Alerts - very high

Set like that should work I get alerts for apps. that try to access internet though the proxy with settings like that.
All are set custom in Defence+ none trusted.
Please post screenshot of Network rules
Thank you

I think that my problem is with Defense+, and not a firewall.

I installed app Girder v4,, and blocked the application with firewall, and the Girder showed me on screen display with weather forecast.
Maybe D+ setting - loopback networking is what should I adjust.

My settings are
Firewall - custom policy mode
D+ - Clean PC mode, default settings

PS: Do you mean screenshot of my network zones?

Yes it is possibly Defence+ if you are using Predefined rules.