If I want to enable IGMP (and related UDP) in my trusted zone, I cannot do so with custom rules. For example, on the XP SP3 client 184.108.40.206, IGMP gets blocked Code: 8/14/2009 2:48:25 PM No usable rule found 220.127.116.11 18.104.22.168 IGMP 8/14/2009 2:48:23 PM No usable rule found 22.214.171.124 126.96.36.199 IGMP even though I have rules for the Trusted Zone (includes the 129.98.90. subnet) to allow it: Tech support told me to willy-nilly enable everything in allowed services This works, but why should enable things I don't need? For example, I don't need IGMP for the whole Internet. I already have an explicit rule. I believe this is a bug in firewall module 1051 in 4.0.437, which is that it ignores custom rules specifying IGMP.