Shouldn't this be blocking everything going in?

Hello,

I just edited the global rule set to only include:
Block and log ip in from ip any to ip any where protocol is any. (custom policy mode)

Why am I still able to use Firefox, Messenger, etc.?

Thanks.

Packet coming in > global matching rule found > block

No, because Firefox/Messenger have established a connection. The block and log will stop any unsolicited packets from entering. Which option did you choose when installing V3? Because the "I don't use P2P" option automatically sets up the block and log rule at setup.

Nice 1 Matty

PS: try putting a block and log ip out from any to any where protocol is any in Global Rules and try then.

Ok, so I should see in/out as the direction of connection establishment and not a packet coming in/out.
I do use p2p, but I am trying to understand everything.
(I’m reading the uTorrent thread now :))

Thanks for the reply, Riggers.

Can you clarify a bit please (I too am “just trying to understand”)?

If I understand you correctly, any application pre-existing would be allowed access because there already is a rule in “Application Rules” for that particular application (Application Rules take precedence over Global Rules for outbound communications). Anything NOT in Application Rules would be blocked, both inbound and outbound.

Now, if one adds a NEW application (say ICQ, Pirch or Yahoo Chat) that requires internet access, what happens? Will the user get a pop-up asking for permission, with an option to remember the answer (at which point a new application rule would automatically be written for that application)?

Thanks for the education.

TCP is a connection-oriented protocol. Once an outbound connection is established by your browser, data is able to flow in both directions between your computer and the destination computer. What the “block inbound” does is prevent connections being established to you by unknown programs that might be harmful. So for TCP, rules block connections, not data.

Tn yank, you are right in what you say about a new application initiating a pop-up, which you can then answer accordingly. Also an application must be open (have a listening port) for any packets to be able to come into your computer. So if an application that is listed in your application rules tries to connect with your computer but you do not have that application running, the request will be denied.

An example: say your AV updates at 3pm. The update scheduler fires up and there is a rule in application rules for it to make a connection. It then sets up a connection with the server and your update is allowed to pass through no problem. Once the update is complete the update process stops and that link is closed.

A good thing I have found is to set applications which are not updaters to “ask” in application rules; this way when you open the program a pop-up appears saying xyz.exe is trying to connect, etc.
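A toy model of the behaviour the last two replies describe (established connections pass, unsolicited inbound traffic hits the global "block and log ip in" rule, a program with no rule yet triggers "ask", and nothing is delivered to a port with no listener). This is an added example written for this thread, not code from the thread or from the firewall product; the rule table, addresses, ports and exe names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (arriving from the network) or "out" (leaving this host)
    src: str
    sport: int
    dst: str
    dport: int

def conn_key(p):
    # Same (local_ip, local_port, remote_ip, remote_port) whichever way the packet travels.
    return (p.src, p.sport, p.dst, p.dport) if p.direction == "out" else (p.dst, p.dport, p.src, p.sport)

class StatefulFilter:
    # Application Rules decide new outbound connections; the global 'block and log ip in'
    # rule drops unsolicited inbound packets; the connection table lets replies back in.
    def __init__(self, app_rules, listening_ports):
        self.app_rules = app_rules        # constructed: exe name -> "allow" / "block" / "ask"
        self.listening = listening_ports  # local ports that have a running listener
        self.conns = set()                # established connections, as conn_key() tuples
        self.log = []                     # what 'block and log' would record

    def handle(self, p, app=None):
        """Return (verdict, reason) for one packet; app is the local process sending it."""
        key = conn_key(p)
        if key in self.conns:
            return "allow", "established connection"
        if p.direction == "out":
            verdict = self.app_rules.get(app, "ask")  # no rule yet -> the user gets a pop-up
            if verdict == "allow":
                self.conns.add(key)                   # remember it so the replies can come back
            return verdict, f"application rule for {app}"
        if key[1] not in self.listening:              # unsolicited and nobody listening
            return "block", "no application listening on that port"
        self.log.append(f"BLOCK in {p.src}:{p.sport} -> {p.dst}:{p.dport}")
        return "block", "global rule: block and log ip in"

def demo():
    """Constructed scenario: Firefox browses out and the reply returns, two unsolicited
    inbound attempts arrive, then a program with no rule yet tries to connect."""
    fw = StatefulFilter({"firefox.exe": "allow"}, listening_ports={445})
    me, web, other = "192.0.2.10", "198.51.100.5", "203.0.113.7"
    out = fw.handle(Packet("out", me, 50123, web, 443), app="firefox.exe")
    reply = fw.handle(Packet("in", web, 443, me, 50123))
    unsolicited_closed = fw.handle(Packet("in", other, 40000, me, 3389))
    unsolicited_open = fw.handle(Packet("in", other, 40001, me, 445))
    new_app = fw.handle(Packet("out", me, 50124, "198.51.100.9", 5190), app="icq.exe")
    return out, reply, unsolicited_closed, unsolicited_open, new_app, fw.log
```

Running `demo()` shows the reply to Firefox allowed as part of an established connection while both inbound attempts are blocked, only the one aimed at a live listener being logged by the global rule.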

Nice 1 Matty