happy_gw_user
March 20th, 2008, 11:35 PM
Maybe I am a little slow, but from what I found on the GhostSecurity
site (GhostWall help) and from the forum debate, I think it is not
quite an exact explanation of how GhostWall operates.
In the absence of any guide that explains EXACTLY what happens
inside the GhostWall box, I started experimenting, and this mini
exact guide is the result.
I hope it will help others as it's helping me,
so I'll put it here.
Feel free to correct it (especially if you are the author :),
if you find an omission of any kind; also feel free to extend it.
There are no distribution restrictions and
no warranty of any kind.
Thank you people.
GHOSTWALL MINI EXACT GUIDE
1. Every packet passing through all network adapters
is checked against the rule list.
2. Checking is executed in top to bottom order.
3. The first rule which matches the checked packet takes an action
(ALLOW or BLOCK) and no more rules are checked
for that packet.
4. If the last COMPLETE BLOCK or COMPLETE ALLOW rule is omitted, then
COMPLETE BLOCK is assumed (every packet which does not match
any rule from the list is blocked).
5. If Windows firewall is also active then:
- incoming packets are first checked against GhostWall rules,
and if matched with an ALLOW rule they are passed to Windows
firewall; if matched with a BLOCK rule, the packet processing
stops
- outgoing packets are first checked against Windows firewall
rules (which, as of XP SP2, does not block any outgoing
traffic), then the packet is checked against GhostWall rules
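The evaluation order described in points 2 to 5 of the guide, as an added Python example that is not part of the original post and is not GhostWall code. The rule fields, the sample rule list and the probe packets are constructed assumptions; it also flags rules that can never decide a packet because an earlier rule matches first.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:  # hypothetical fields, not GhostWall's real rule format
    action: str                 # "ALLOW" or "BLOCK"
    direction: str = "any"      # "in", "out" or "any"
    proto: str = "any"          # "tcp", "udp" or "any"
    remote: str = "0.0.0.0/0"   # remote network in CIDR form
    port: Optional[int] = None  # None matches every port

    def matches(self, pkt: dict) -> bool:
        return (self.direction in ("any", pkt["direction"])
                and self.proto in ("any", pkt["proto"])
                and ip_address(pkt["remote"]) in ip_network(self.remote)
                and self.port in (None, pkt["port"]))

def evaluate(rules, pkt):
    """Return (action, index of deciding rule); index None = implicit block."""
    for i, rule in enumerate(rules):      # top to bottom (point 2)
        if rule.matches(pkt):             # first match decides (point 3)
            return rule.action, i
    return "BLOCK", None                  # assumed COMPLETE BLOCK (point 4)

def shadowed(rules, probes):
    """Indexes of rules that never decide any of the probe packets."""
    hit = {evaluate(rules, p)[1] for p in probes}
    return [i for i in range(len(rules)) if i not in hit]

def inbound_with_windows_firewall(rules, pkt, wf_allows):
    """Point 5, incoming: only packets ALLOWed here reach Windows firewall."""
    if evaluate(rules, pkt)[0] == "BLOCK":
        return "BLOCK"                    # processing stops, WF never sees it
    return "ALLOW" if wf_allows(pkt) else "BLOCK"

# Constructed sample rule list and probe packets
RULES = [
    Rule("ALLOW", "in", "tcp", "192.168.1.0/24", 3389),
    Rule("BLOCK", "in", "tcp", "0.0.0.0/0", 3389),
    Rule("ALLOW", "in", "tcp", "10.0.0.0/8", 3389),  # never reached: rule 1 wins
    Rule("ALLOW", "out"),
]
PROBES = [
    {"direction": "in", "proto": "tcp", "remote": "192.168.1.5", "port": 3389},
    {"direction": "in", "proto": "tcp", "remote": "10.1.2.3", "port": 3389},
    {"direction": "in", "proto": "udp", "remote": "203.0.113.9", "port": 53},
    {"direction": "out", "proto": "tcp", "remote": "203.0.113.9", "port": 443},
]
```

Moving the `10.0.0.0/8` ALLOW above the catch-all BLOCK for port 3389 is what makes it take effect; `shadowed(RULES, PROBES)` reports it by index.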