About the order in which rules are applied

For connections that use rawsockets, only the global rules are checked.

For connections that do not use rawsockets, various rules are checked, depending on whether the connection is to a network address that is listed on the LAN tab or not.

If the network address is listed on the LAN tab, the following rules are checked:

If the network address is not listed on the LAN tab, other firewall rules are checked in the following order:

  1. Any NetBIOS traffic that has not been allowed using the LAN tab is dealt with according to the setting of the Block file and printer sharing for other networks check box:
    • If the check box is selected, the traffic is blocked.
    • If the check box is cleared, the traffic is processed by the remaining rules.
  2. The high-priority global rules are checked, in the order in which they are listed.
  3. If the connection has not already had rules applied to it, the application rules are checked.
  4. If the connection has still not been handled, the normal-priority global rules are checked, in the order in which they are listed.
  5. If no rules have been found to handle the connection:
    • In Allow by default mode, the traffic is allowed (if it is outbound).
    • In Block by default mode, the traffic is blocked.
    • In Interactive mode, the user is asked to decide. This mode is not available in Windows 8.
    Note: If you have not changed the working mode, the firewall will be in Block by default mode.