I thought I understood how the rules defined for connection blocking using the Norton Firewall for Mac worked. But after running a short test, I'll admit that I'm a little confused.
I'm using v5.4.1 (52) of Norton Internet Security 5 for Mac on Mac OS X Lion. For this test, I have disabled the Application Blocking component of the firewall. Connection Blocking is enabled with the following rules - in order of precedence:
Block zone - empty
Trust zone - Allow - any local network
All other applications - Block
All other services - Block all other connections
After reading various Norton manuals, articles, etc. my understanding of these firewall rules is that by setting my local network as a trusted zone, any connections by services or applications on my computer to or from other computers on my local network should be allowed. With these rules, I get numerous notifications of connection blocking for services and applications that are trying to communicate to or from other computers on my local network.
Changing the firewall rules to the following still results in blocked application communications:
Block zone - empty
Trust zone - Allow - any local network
Service (e.g. Application File Sharing - port 548) - Allow any local network & Block all other connections
All other applications - Block
All other services - Block all other connections
In order to eliminate all connection blocking notifications I have to use the following firewall rules:
Block zone - empty
Trust zone - Allow - any local network
Service (e.g. Application File Sharing - port 548) - Allow any local network & Block all other connections
Specific application (e.g. NetAuthAgent.app which uses port 548) - Allow any local network & Block all other connections
All other applications - Block
All other services - Block all other connections
This level of firewall rules detail seems excessive. What am I not understanding?
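As an added example, not from the original post and not Norton's documented logic: a small Python model in which the service rules and the application rules form two independent first-match layers that must both allow a connection before it passes, with the trust zone only naming which networks count as "local". This is one assumed evaluation order that reproduces the three outcomes reported above; the rule set names, the "afp-548" service label and the layer semantics are assumptions.

```python
# Added example: hypothesised layered rule evaluation for the three rule sets
# in the post. The evaluation order below is an ASSUMPTION chosen so that the
# model matches the reported outcomes; it is not Norton's published algorithm.
from dataclasses import dataclass, field

TRUST_ZONE = {"local network"}   # "Trust zone - Allow - any local network"
BLOCK_ZONE: set = set()          # "Block zone - empty"


@dataclass
class Rule:
    layer: str                    # "service" or "application"
    match: str                    # service/app name, or "*" for "all other"
    allow_from: set = field(default_factory=set)  # empty set = block


def layer_verdict(rules, layer, name, zone):
    """First-match evaluation inside one layer; None if nothing matches."""
    for r in rules:
        if r.layer == layer and r.match in (name, "*"):
            return zone in r.allow_from
    return None


def is_allowed(rules, app, service, zone):
    """Assumption: block zone wins outright; otherwise BOTH layers must allow."""
    if zone in BLOCK_ZONE:
        return False
    service_ok = layer_verdict(rules, "service", service, zone)
    app_ok = layer_verdict(rules, "application", app, zone)
    return service_ok is True and app_ok is True


# "All other applications - Block" / "All other services - Block all other connections"
BLOCK_REST = [Rule("application", "*"), Rule("service", "*")]
AFP = Rule("service", "afp-548", TRUST_ZONE)                       # constructed label
NETAUTH = Rule("application", "NetAuthAgent.app", TRUST_ZONE)

RULESET_1 = BLOCK_REST[:]                  # trust zone only
RULESET_2 = [AFP] + BLOCK_REST             # trust zone + service rule
RULESET_3 = [AFP, NETAUTH] + BLOCK_REST    # trust zone + service + app rule


def outcomes(zone="local network"):
    """Verdict for NetAuthAgent.app talking AFP from `zone` under each rule set."""
    conn = ("NetAuthAgent.app", "afp-548", zone)
    return tuple(is_allowed(rs, *conn) for rs in (RULESET_1, RULESET_2, RULESET_3))
```

Under this model only the third rule set permits the connection, which is exactly what the post observes; a connection from any zone outside the trust zone is blocked under all three.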