If I want to enable IGMP (and related UDP) in my trusted zone, I cannot do so with custom rules. For example, on the XP SP3 client 126.96.36.199, IGMP gets blocked Code: 8/14/2009 2:48:25 PM No usable rule found 188.8.131.52 184.108.40.206 IGMP 8/14/2009 2:48:23 PM No usable rule found 220.127.116.11 18.104.22.168 IGMP even though I have rules for the Trusted Zone (includes the 129.98.90. subnet) to allow it: Tech support told me to willy-nilly enable everything in allowed services This works, but why should enable things I don't need? For example, I don't need IGMP for the whole Internet. I already have an explicit rule. I believe this is a bug in firewall module 1051 in 4.0.437, which is that it ignores custom rules specifying IGMP.