Below is a rule I created to play Company of Heroes (by Relic Entertainment) online. This rule works fine, but I have a question. http://img.photobucket.com/albums/v407/Aerowinder/rule.jpg I guess I need a little clarification on client/server relationships. In the illustration above, my local UDP port 6112 is open to the specified IPort range. If I removed port 6112 from the Source side, the Destination would still be able to connect to me. Putting 6112 in that field just states that port 6112 is the only port those addresses can connect to on my system. Port 6112 has to be open to receive the incoming data either way. So either way, I am acting effectively acting as a server to my destination. Right? Below is a rule for Azureus, a BitTorrent client. http://img.photobucket.com/albums/v407/Aerowinder/rule3.jpg This opens UDP port 21377 (while the program is running) to the outside world. I am acting as a server here. I am sending data to anyone who requests it. Below is a rule for Ventrilo 3.0, to allow it to get past it's "Synchronizing" stage. http://img.photobucket.com/albums/v407/Aerowinder/rule2.jpg The IP addresses vary, and so do the destination ports. So I can't restrict it much farther. This means any application I have approved can send data to anywhere on UDP port 6100. After telling you all this, my real question is: should I leave the left fields (Source) blank, if possible? Or does it not even make a difference? Is it the Direction field that decides if I can act as a server? Does this post even make sense? I thought the pictures would help me explain. Does choosing the "Inbound/Outbound" direction make me a server by default? If that's the case, I should make the Source/Destination as restrictive as possible.