After choosing “Add”, you will see the deny rule settings window. In this window there are the following fields:
By default all fields are empty which implies matching any value in each field. Thus if you create a default deny rule and apply it to a user or a group, the firewall will completely block all of user's or group's communication that go through ICS CUBE. You can check what values are acceptable when you place the cursor over the field, alternatively you can choose a value from the drop-down list containing the objects that are already known to ICS CUBE.
The “Send ICMP Unreachable” checkbox will instruct to send this message as a response to a ping command, and the ICMP package will be blocked.