I presume that the rules are used top to bottom, but when a new rule is created it gets put at the top. This means I have to move it manually down to keep my system rules at the top.
Wouldn’t it be more sensible to add them at the bottom?
No.
Globally,
General Firewall logic is that allow rules come before blocking rules.
At the bottom is normally your Block all else.
So in most cases when adding a rule (from an alert, pop up) it is to allow something.
Therefore adding to the top ensures the new allow rules would take immediate effect.
Application rules are individual sets per application. The same logical flow applies to each app individually.
One apps rules don’t affect other apps.
One other plus is being able to quickly find the new rule you just created (from the alert pop up).
For review or fine tuning. Rather than finding them buried in or at the end of some long list.
None of these are huge issues, but they had to pick one way and try to be consistent.
So adding new (auto created from alert) entries to the top just wins in the logic arena.
Hope this helps.
Later,
Bad
Edit: Thanks Radaghast, next post. For making the distinction between manual and auto creation.
During manual creation of a ruleset, odds are you don’t want them to take effect until you are ready.
Rules are read from the top to the bottom but the placement of a new rule depends how it was created. If the rule is created manually, it’s placed at the bottom. If the rule is created from an alert, it’s placed at the top.
Thanks for both your replies.
I see your point Bad Frogger, whether added to the top or bottom neither is ideal and a choice had to be made one way or the other. I guess I’d prefer them added to the bottom as it is a pain having to move all my newly created rules down manually and I don’t tend to use “Block all else” rules so that I will be notified of any new activity that doesn’t already have a rule, but obviously not everyone uses it that way. Actually, if I did have a “Block all else” rule, I wouldn’t even get a popup to create a new application rule would I?
If the rules list opened with it focused on the bottom, rather than the top, that would make it just as easy to see the new rules as the present system, although even having to scroll down to the bottom doesn’t really make it any harder to find them.
EDIT: just wanted to add that if I could select multiple rules/sets and drag them or, even better, click a ‘Move to Bottom’ button, that would make life a lot easier.