OK, here are a few things about LnS that were unclear for me at the beginning (and maybe for some other users). Now I hope I understand things right: 1. LnS is composed of two *independent* filters- application filter and network filter. Application filter allows/blocks applications, and network filter allows/block packets. Thus, allowing application through application filter does not mean it can connect to outside world- appropriate rules in network filter are required. These are so calles TDI (application) and NDIS (network) filters; some diagrams here: http://www.ndis.com/papers/winpktfilter.htm. 2. Application filter is like monitoring connect() and bind() calls from Un*x, world with possibility to define allowed/blocked ports and addresses for outbound TCP/UDP traffic. 3. Network TCP filtering is basically stateless, however there are 3 features that make up a bit for this deficiency: - possibility to define two-way rules - ability to block incoming packets based on TCP flag values. - possiblity to turn on stateful packet inspection in Advanced Options, that in LnS automatically drops packets that do not belong to properly opened connection (*Note these*: There is no automated opening of ports for fe. inbound traffic for connection opened by WWW browser, previously allowed by application filtering and network filtering. Also, only up to 128 connections can be tracked and after the limit is reached next are not allowed, which can be a problem fe. for P2P users). 4. LnS binds itself to interface selected in options tab. That means, that network filtering is possible only for this interface, other traffic will not be detected. *However*, application filter detects applications connectiong/listening on every interface (so actually you can block application accessing any interface), *but* (I will test it more) TCP/UPD ports/addresses filtering is active only for selected interface (is ignored for other interfaces than selected). 5. After starting LnS first application you probably would like to allow is C:\WINDOWS\system32\services.exe (change c:\windows part if needed), it performs DHCP and DNS lookups. Also, C:\WINDOWS\system32\wuauclt.exe is the thing that performs automatic updates (btw, the file wuauclt1.exe is legit but not requested for automatic updates). 6. Any changes in settings (like turning on/off application/network filtering) may be not immediately active. You just need to wait a moment for them to "catch up". Please correct me if I am wrong. X.