A few more details regarding the customization of the Secure Boot block rules (the rules created when the High Filtering profile is enabled). The entire problem can be solved by providing a way to customize the remote IP ranges of these block rules. Defining allow rules is useless, because a block rule which includes the ranges from the allow rule will result in blocking of that IP range. Block rules have higher precedence than allow rules. We can solve this by allowing the user to define custom remote IP addresses for those two block rules. VARIANT 1 I will include two text boxes in the Profiles tab which will be used to define the blocking ranges for the High Filtering inbound and outbound rules. Scenario 1 - The user wants to block all connections. This is the current implementation. Two block rules that apply to all possible connections are created. Those two text boxes are empty. Scenario 2 - The user wants to block all connections, but still allowing local LAN connections. The user fill in those two new text boxes with the following IP ranges: 184.108.40.206-192.168.0.0,192.168.0.255-255.255.255.255 When the High Filtering profile will be enabled, these remote IP addresses will be used in those two rules that are created. Having the block rules defined this way will result in allowing all connections to/from local LAN computers. The list can be modified according to the user taste. Important: The other properties of these two block rules remain like they are today. I don't see (now) the point to allow the user to change also other properties of these rules. VARIANT 2 The user can modify the remote IP addresses directly from the Rules Manager for those two special block rules. These custom IP ranges are saved and reused, until the user changes or removes them. What do you think ?