After choosing “Add”, you will see the deny rule settings window. In this window there are the following fields:
By default all fields are empty and suggests that it's set to “all”, meaning that if you create a default deny rule and apply it to a user or a group, the firewall will block all user's or group's communication that go through ICS CUBE completely. You can check what values are acceptible when you place the cursor on the field, or you can choose a value from the drop-down list containing the objects that are already known to ICS CUBE.
The “Send ICMP Unreachable” checkbox will let to sending this message as a responce to a ping command, and the ICMP package will be blocked.