Stealth wizard

  1. The wizard sets to “Alert me to incoming connections - stealth my ports on a per-case basis”, the global rule is set to

Block | ICMP | In | From Any IP Address | To Any IP Address | Where Message is ECHO REQUEST

as in the help file.

But my rule was “block AND LOG …” after CFP install.

I think that the wizard should also set the “log” flag as the installer does

  1. If you select “Block all incoming connections - stealth my ports to everyone”

The wizard REPLACE the above rule with

Block And Log | IP | In | From Any IP Address | To Any IP Address | Where Protocol is Any

Shouldn’t it be both rules: block IP and ICMP ?

  1. If you select “Define a new trusted network - stealth my ports to EVERYONE else”

two "allow rule (in/out are) ADDED (to the ICMP rule) as expected

  1. If you select “alert me” or “block all” after step 3), a rule is added before the rule of step 3).

I think it’s ok, I assume that rules are handled from downward as in majority of firewalls ?

Am I right ?

It can be usefull for an expert to reactivate a trusted network just be moving it up, but don’t you think it can be confusing for a beginner ? But frankly, I personnaly prefer the way it is now…


“Block IP” does include or imply “block ICMP”, as much as “block TCP”, etc.

You’ll likely know this already, but you can edit the rule yourself to change from “block” to “block and log”.

Rules are read from top to bottom. Once one rule matches the case the appropriate action is taken and the rules below are dismissed.