I currently use ZoneAlarm, and I find it useful when you can allow a program access to the trusted zone while not allowing general internet access. For instance, when you want to use a proxy with Firefox, you can allow Firefox to access the trusted zone, which basically allows it access to localhost/127.0.0.1. Many times, even when I set Firefox to only access localhost, a plugin will attempt to access the internet and bypass my proxy. ZoneAlarm is the only firewall I've tried that will block the plugin and maintain access through my proxy. I would like to use other firewalls, but it's always been a deal-breaker when I haven't been able to configure them to differentiate between localhost and direct internet access. Any suggestions on how to do this with other firewalls? I know everyone here goes by the highest percentage of leak tests that a firewall passes. So, I was hoping to figure out how to do this with Online Armor. Thanks p.s. Let me add a few details. A few weeks ago I tried a few of the top rated firewalls on Matousec. I don't remember the specifics of the problems I had with each one, but, suffice it to say, I couldn't get any of them to replicate the experience I've had with ZA. Not to say that it couldn't be done with some tweaking, but I didn't have success with my initial tests. With ZA, I generally don't grant any program automatic access to the trusted or internet zone. I always decide every time I open the program. Sometimes I use a browser with direct internet and sometimes I want to route it through a proxy (e.g. proxomitron, tor, etc.). But Firefox doesn't always cooperate. In fact, if I surf long enough, almost undoubtedly, ZA will alert me that Firefox is trying to access the internet, even when I specificall tell it to use the localhost. Now to what I recall from the other firewalls (I've forgotten a lot of the details). I had trouble getting any other firewall to ask me EVERY time I open a browser if I want to grant localhost access then if I want to grant internet access. I recall some firewalls having several popups asking me if I want to allow this or allow that. Then when I grant access, some firewalls seem to choose not to ask me the same questions the next time I open the program. Basically I want just one (and only one) popup when I open a program asking about localhost access. Then one (and only one) popup asking about direct internet access. A lot of firewalls seemed to give me around 10 popups when I open a browser, and then seemed to remember my choices and not ask me the same questions the next time I open the same browser. The reason for this is that sometimes I use Firefox with direct internet access, then I want to switch to some proxy later on. With ZA, I just close the browser and reopen it. Then I grant localhost access and deny direct internet access. Invariably, ZA will catch Firefox attempting to access the internet and save my butt. Maybe I'm doing all of this wrong, and there's something obvious I'm missing. But I don't see how you can use proxies with firewalls that don't easily allow you to differentiate between localhost and internet access. From my experience, browsers and other programs in general can't be trusted to follow your instructions.