I can understand the purpose of having a “block & log” rule within network monitor but would removing this rule make CPF similar to SKPF (Sunbelt) in that you would be prompted for inbound connections? I would think so but just wanted to check.
Deleting this rule, will let all connections come in without blocking anything. You do not want to delete this rule.
Mike
Wouldn’t application monitor be your next line of defense with network monitor disabled (permitting everything)?
Application rules are still applied, but you won’t be stealthed if you remove this rule and CPF will allow all traffic to your computer.
Mike
So even if I kept my icmp rules (it’s really the “block & log” rule that’s bugging me) an application listening on my computer wouldn’t prompt (via an application monitor rule) for an incoming connection but rather just let the connection through?
In that case CPF would alert you. I think it would be an alert saying an application is trying to act as a server.
Mike
That is what I thought (I’m hoping). I’ll disable this rule and see what happens.