As you have said netbiosd is only an example. You can sort the rules for any process by its precendence (priority). If you deny any connection for a particular app/dadmon local lan connections are still allowed by the any process rule. If you like to deny local lan too you need to add an additional deny rule which will overrule the any process rule.
↧