Hi all, I have spent quite some time playing with Jetico and still not very clear about its underlying mechanisms. Well it is working now and the rule table stucture is simple and tidy, but I have got something interesting here: (I am using Jetico 1.0161 with windows xp sp2, and skype 2.5. My connection is through a squid web proxy, only port 3128 and 443 open) rules for skype: an application table for skype.exe is set up and inserted just before table 'Ask User': accept disabled any access to network accept disabled TCP/IP send datagrams any local address accept disabled TCP/IP receive datagrams any local address accept disabled TCP/IP outbound connection any (ip of proxy) any 80 accept disabled TCP/IP outbound connection any (ip of proxy) any 3128 reject info any any continue Default action All the problems seem to come from the last 'reject all others' rule, but I really like it since it is the blocker against annoying popups. If the 'reject all others' rule is ticked, skype will quickly give me a login failure. In the Jetico log window I can see hundreds of connections to various ips and ports rejected. If the 'reject all others' rule is not ticked, here come the popups. What is interesting is, if I do not answer the popup ( if the first one is not answered then it is the only one I can see ), after a few seconds the login is successful. Now tick the 'reject all others' rule, then say block to the popup. Skype works well. I guess there must be some differences between immediate rejection and later rejection, although in the above two cases the rule sets are just the same . Looks like when the popup is waiting, skype takes it as a time out and turns to other ips (finally to my porxy ip). But I am not sure what happens if Jetico rejects. Anyway the results are different. Another mysterious thing is the rule about port 80. In a successful login to skype, nothing is received from this port. It should be nothing because the proxy does not allow connection through port 80. But if I delete this rule, login will always fail. Any insights? I would appreciate if anyone can give me a better solution for skype. ( not thinking allowing Skype to connect any ip is a better one) Cheers.