diff --git a/src/driver/fortcout.c b/src/driver/fortcout.c
index 6cf8f618..5a79bbc3 100644
--- a/src/driver/fortcout.c
+++ b/src/driver/fortcout.c
@@ -209,21 +209,16 @@ inline static BOOL fort_callout_ale_is_zone_blocked(
                     &fort_device()->conf, zones_mask, cx->remote_ip, ca->isIPv6);
 }
 
-static BOOL fort_callout_ale_is_ip_blocked(PCFORT_CALLOUT_ARG ca, PFORT_CALLOUT_ALE_EXTRA cx,
-        PFORT_CONF_REF conf_ref, FORT_CONF_FLAGS conf_flags, FORT_APP_DATA app_data)
+static BOOL fort_callout_ale_is_ip_blocked(
+        PCFORT_CALLOUT_ARG ca, PFORT_CALLOUT_ALE_EXTRA cx, FORT_APP_DATA app_data)
 {
     const BOOL app_found = (app_data.flags.v != 0);
     if (!app_found)
         return FALSE;
 
-    if (app_data.flags.lan_only) {
-        if (!conf_flags.filter_local_net
-                || fort_conf_ip_is_inet(&conf_ref->conf,
-                        (fort_conf_zones_ip_included_func *) &fort_conf_zones_ip_included,
-                        &fort_device()->conf, cx->remote_ip, ca->isIPv6)) {
-            cx->block_reason = FORT_BLOCK_REASON_LAN_ONLY;
-            return TRUE; /* block LAN Only */
-        }
+    if (app_data.flags.lan_only && !cx->is_local_net) {
+        cx->block_reason = FORT_BLOCK_REASON_LAN_ONLY;
+        return TRUE; /* block LAN Only */
     }
 
     if (fort_callout_ale_is_zone_blocked(ca, cx, app_data.reject_zones)
@@ -254,7 +249,7 @@ inline static BOOL fort_callout_ale_is_allowed(PCFORT_CALLOUT_ARG ca, PFORT_CALL
         return TRUE;
 
     /* Check LAN Only and Zones */
-    if (fort_callout_ale_is_ip_blocked(ca, cx, conf_ref, conf_flags, app_data))
+    if (fort_callout_ale_is_ip_blocked(ca, cx, app_data))
         return FALSE;
 
     /* Check the conf for a blocked app */
@@ -291,15 +286,16 @@ inline static BOOL fort_callout_ale_check_filter_flags(PCFORT_CALLOUT_ARG ca,
         return TRUE; /* block all */
     }
 
-    if (!conf_flags.filter_local_net
-            && !fort_conf_ip_is_inet(&conf_ref->conf,
-                    (fort_conf_zones_ip_included_func *) &fort_conf_zones_ip_included,
-                    &fort_device()->conf, cx->remote_ip, ca->isIPv6)) {
+    cx->is_local_net = !fort_conf_ip_is_inet(&conf_ref->conf,
+            (fort_conf_zones_ip_included_func *) &fort_conf_zones_ip_included, &fort_device()->conf,
+            cx->remote_ip, ca->isIPv6);
+
+    if (!conf_flags.filter_local_net && cx->is_local_net) {
         cx->blocked = FALSE;
         return TRUE; /* allow Local Network */
     }
 
-    if (conf_flags.block_inet_traffic) {
+    if (conf_flags.block_inet_traffic && !cx->is_local_net) {
         return TRUE; /* block Internet */
     }
 
diff --git a/src/driver/fortcoutarg.h b/src/driver/fortcoutarg.h
index ed54ba66..ce025ce1 100644
--- a/src/driver/fortcoutarg.h
+++ b/src/driver/fortcoutarg.h
@@ -41,6 +41,7 @@ typedef const FORT_CALLOUT_ARG *PCFORT_CALLOUT_ARG;
 typedef struct fort_callout_ale_extra
 {
     UCHAR is_reauth : 1;
+    UCHAR is_local_net : 1;
     UCHAR app_data_found : 1;
     UCHAR inherited : 1;
     UCHAR drop_blocked : 1;
diff --git a/src/version/fort_version.h b/src/version/fort_version.h
index eccbc990..30f6c997 100644
--- a/src/version/fort_version.h
+++ b/src/version/fort_version.h
@@ -16,6 +16,6 @@
 #define APP_UPDATES_URL		"https://github.com/tnodir/fort/releases"
 #define APP_UPDATES_API_URL	"https://api.github.com/repos/tnodir/fort/releases/latest"
 
-#define DRIVER_VERSION		35
+#define DRIVER_VERSION		36
 
 #endif // FORT_VERSION_H