From the premise of when the application is active, it allows everything in the rule without considering what is really listening. I made a browser rule, a rule I only want my browser to use, and not my HTML-enabled mail client. Well, the block all at the end stopped the replies from the sites when it was outbound only, so I had to make it both directions since LnS wasn't smart enough to see that it was a connection started by my computer, and when I did that the entire range of TCP 1024-5000 was allowed when the program was running! I tried it without the block all active, and I've had Stateful Inspection enabled. The stateful inspection doesn't work all the time, and seems to require that you get bombed with packets before thinking about working. If you want proof, I did the simple scan from grc.com, and ports 1024+ all showed closed, or open when it was enabled. So when I start my browser, if I get a TCP probe in the range of 1024-5000, it will be allowed to send a closed or open response just because it's running. The stateful inspection is not doing its job.

With Kerio Personal Firewall, I have a simple rule:

Outbound TCP
Local ports: 1024-5000
Remote ports: Any
Remote Address: Any
Application: Browser.exe

I'm not required to make it bi-directional since my firewall knows that my computer started the connection, and with Kerio's ability of blocking inbound TCP/UDP packets to non-listening ports it's not an issue even if I did make the rule bi-directional. If nothing is listening, it's blocked, and it works better than LnS's so-called stateful inspection. Even the ancient AtGuard didn't require that you made the browser rule with the application as part of the rule bi-directional, and it saw that your computer started the connection so it didn't question the nature of the packets. The tests I ran were with only LnS installed, and it was the only firewall enabled. The premise of the application filtering and the unreliable stateful inspection are a problem.

I'm aware that the ability to make rules by application is very new for this product, but it still needs work with more than just the application filtering. To the core, this firewall is still mainly a packet filter with a little bit of application filtering, but unless they fix the way they handle the application filtering with the stateful inspection, it will not be as effective as other firewalls already out for years.
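
The difference described in the post above, as a simplified model added here for illustration (it is not code from Look 'n' Stop, Kerio or the poster): a bi-directional port-range rule gated only on "the browser is running" is compared with an outbound-only rule backed by a connection table. The packet model, names and addresses are constructed assumptions.

```python
from collections import namedtuple

# Constructed packet model: direction, local port, remote endpoint, TCP flags.
Packet = namedtuple("Packet", "direction local_port remote_ip remote_port flags")

EPHEMERAL = range(1024, 5001)  # local port range used in the post's browser rule


def stateless_bidirectional(pkt, browser_running=True):
    """Bi-directional range rule: matches on port and 'application is running' only."""
    return browser_running and pkt.local_port in EPHEMERAL


class StatefulFilter:
    """Outbound-only rule; inbound packets must match a tracked connection."""

    def __init__(self):
        self.connections = set()  # (local_port, remote_ip, remote_port)

    def allow(self, pkt, browser_running=True):
        key = (pkt.local_port, pkt.remote_ip, pkt.remote_port)
        if pkt.direction == "out":
            if not (browser_running and pkt.local_port in EPHEMERAL):
                return False
            if pkt.flags == "SYN":
                self.connections.add(key)  # this host started the connection
            return key in self.connections
        # Inbound: only replies on a tracked connection, never a fresh SYN.
        allowed = key in self.connections and pkt.flags != "SYN"
        if allowed and "RST" in pkt.flags:
            self.connections.discard(key)  # peer reset: forget the connection
        return allowed


# Constructed traffic (documentation-range addresses).
TRAFFIC = [
    Packet("out", 1050, "203.0.113.10", 80, "SYN"),     # browser connects
    Packet("in", 1050, "203.0.113.10", 80, "SYN-ACK"),  # server reply
    Packet("in", 1051, "198.51.100.7", 40000, "SYN"),   # unsolicited probe
    Packet("in", 1050, "198.51.100.7", 40000, "SYN"),   # probe at port in use
]


def compare(traffic=TRAFFIC):
    """Return (stateless, stateful) verdict lists for the same packets."""
    fw = StatefulFilter()
    return ([stateless_bidirectional(p) for p in traffic],
            [fw.allow(p) for p in traffic])
```

Calling `compare()` shows the stateless rule passing both inbound probes while the connection-tracking filter passes only the server's reply.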