Connection blocking blocks allowed traffic

iMac 21.5" Late 2009

OS X Lion 10.7.2 (11C74)

Norton Firewall 5.0.1 (2)

Earlier I couldn't connect to the screen sharing service.  I checked the sharing preference to make sure screen sharing was still enabled -- it was.  The firewall history reported that the incoming connection was denied due to suspicious activity.

I tried to connect 8 times over a three-minute period and all connections were denied for the same reason.

Connection blocking does have a services rule for Screen Sharing/VNC to allow all other connections.

The only way I could get it to work was to add a second rule to allow a specific IP address.  Once that worked, I was able to remove that specific rule, and reconnect once again via the more general rule.

This seems similar to the connection blocking problem I ran into back in 2009, and Ryan did discuss the invisible stateful rules.

I guess I still don't understand, as an end-user, why the firewall should stop me from connecting to my iMac, when there's an explicit rule allowing a connection to the service.