TCP and UDP vs IP protocol (rule creation)

When creating a rule for an app, what’s the difference between “TCP and UDP” and “IP” protocol?

Isn’t it the same thing? If so, why are there 2 protocol selections that are the same?

If it means Tcp + UDP + ICMP why not call at “all” or “any”?

it’s pretty confusing.


There are more protocols as part of the IP suite, like e.g. IGMP for multicast or ESP for IPSec VPN tunneling etc.
Here is a bunch of numbers Protocol Numbers

So “IP” means all 142 protocols from that link?

Why not just call it “any” then?

Cause you can specify which of those you like to filter.
It’s not ‘all’ protocol’s cause there are more that are non IP, like IPX, AppleTalk, X25 etc you can’t filter those as they aren’t part of the IP protocol group.

As Ronny mentioned, IP doesn’t mean ‘all’, in fact IP (Internet Protocol) is a discreet network layer protocol in it’s own right. In CIS, when you select IP in the rule creation process, you further select which protocol you wish to represent via the IP details dialogue box. This includes, Custom, Any and a number of usual suspects.