diff --git a/profile/config-update.go b/profile/config-update.go
index 6f249548..1e73d4fe 100644
--- a/profile/config-update.go
+++ b/profile/config-update.go
@@ -44,11 +44,11 @@ func updateGlobalConfigProfile(ctx context.Context, task *modules.Task) error {
 
 	action := cfgOptionDefaultAction()
 	switch action {
-	case "permit":
+	case DefaultActionPermitValue:
 		cfgDefaultAction = DefaultActionPermit
-	case "ask":
+	case DefaultActionAskValue:
 		cfgDefaultAction = DefaultActionAsk
-	case "block":
+	case DefaultActionBlockValue:
 		cfgDefaultAction = DefaultActionBlock
 	default:
 		// TODO: module error?
diff --git a/profile/config.go b/profile/config.go
index 4da74512..9ca174ed 100644
--- a/profile/config.go
+++ b/profile/config.go
@@ -23,6 +23,10 @@ var (
 	cfgOptionDefaultAction      config.StringOption
 	cfgOptionDefaultActionOrder = 1
 
+	DefaultActionPermitValue = "permit"
+	DefaultActionBlockValue  = "block"
+	DefaultActionAskValue    = "ask"
+
 	// Setting "Prompt Desktop Notifications" at order 2.
 	// Setting "Prompt Timeout" at order 3.
 
@@ -182,7 +186,7 @@ func registerConfiguration() error { //nolint:maintidx
 		Key:          CfgOptionDefaultActionKey,
 		Description:  `The default network action is applied when nothing else allows or blocks an outgoing connection. Incoming connections are always blocked by default.`,
 		OptType:      config.OptTypeString,
-		DefaultValue: "permit",
+		DefaultValue: DefaultActionPermitValue,
 		Annotations: config.Annotations{
 			config.DisplayHintAnnotation:  config.DisplayHintOneOf,
 			config.DisplayOrderAnnotation: cfgOptionDefaultActionOrder,
@@ -191,17 +195,17 @@ func registerConfiguration() error { //nolint:maintidx
 		PossibleValues: []config.PossibleValue{
 			{
 				Name:        "Allow",
-				Value:       "permit",
+				Value:       DefaultActionPermitValue,
 				Description: "Allow all connections",
 			},
 			{
 				Name:        "Block",
-				Value:       "block",
+				Value:       DefaultActionBlockValue,
 				Description: "Block all connections",
 			},
 			{
 				Name:        "Prompt",
-				Value:       "ask",
+				Value:       DefaultActionAskValue,
 				Description: "Prompt for decisions",
 			},
 		},
@@ -209,7 +213,7 @@ func registerConfiguration() error { //nolint:maintidx
 	if err != nil {
 		return err
 	}
-	cfgOptionDefaultAction = config.Concurrent.GetAsString(CfgOptionDefaultActionKey, "permit")
+	cfgOptionDefaultAction = config.Concurrent.GetAsString(CfgOptionDefaultActionKey, DefaultActionPermitValue)
 	cfgStringOptions[CfgOptionDefaultActionKey] = cfgOptionDefaultAction
 
 	// Disable Auto Permit
diff --git a/profile/profile.go b/profile/profile.go
index fb56d90c..d6bc8eaa 100644
--- a/profile/profile.go
+++ b/profile/profile.go
@@ -175,11 +175,11 @@ func (profile *Profile) parseConfig() error {
 	profile.defaultAction = DefaultActionNotSet
 	if ok {
 		switch action {
-		case "permit":
+		case DefaultActionPermitValue:
 			profile.defaultAction = DefaultActionPermit
-		case "ask":
+		case DefaultActionAskValue:
 			profile.defaultAction = DefaultActionAsk
-		case "block":
+		case DefaultActionBlockValue:
 			profile.defaultAction = DefaultActionBlock
 		default:
 			lastErr = fmt.Errorf(`default action "%s" invalid`, action)
diff --git a/profile/special.go b/profile/special.go
index 7080659c..586dd1d7 100644
--- a/profile/special.go
+++ b/profile/special.go
@@ -174,7 +174,7 @@ func createSpecialProfile(profileID string, path string) *Profile {
 				// Resolved domain from the system resolver are checked again when
 				// attributed to a connection of a regular process. Otherwise, users
 				// would see two connection prompts for the same domain.
-				CfgOptionDefaultActionKey: "permit",
+				CfgOptionDefaultActionKey: DefaultActionPermitValue,
 				// Explicitly allow incoming connections.
 				CfgOptionBlockInboundKey: status.SecurityLevelOff,
 				// Explicitly allow localhost and answers to multicast protocols that
@@ -211,7 +211,7 @@ func createSpecialProfile(profileID string, path string) *Profile {
 			Source:           SourceLocal,
 			PresentationPath: path,
 			Config: map[string]interface{}{
-				CfgOptionDefaultActionKey: "block",
+				CfgOptionDefaultActionKey: DefaultActionBlockValue,
 				CfgOptionEndpointsKey: []string{
 					"+ Localhost",
 					"+ .safing.io",
@@ -226,7 +226,7 @@ func createSpecialProfile(profileID string, path string) *Profile {
 			Source:           SourceLocal,
 			PresentationPath: path,
 			Config: map[string]interface{}{
-				CfgOptionDefaultActionKey: "block",
+				CfgOptionDefaultActionKey: DefaultActionBlockValue,
 				CfgOptionEndpointsKey: []string{
 					"+ Localhost",
 				},