OPNsense Forum » Archive » 20.7 Legacy Series » LAN firewall rule questions
Topic: LAN firewall rule questions (Read 1472 times)
paradox55
« on: October 26, 2020, 01:11:16 am »
I've started to tinker around with rules and noticed that every 20-24 hours I have to allow all traffic into my network again in order for my WireGuard services (which have been running for months with no issue) to function again.
Currently I am blocking all services (LAN) other than ports 53, 853, 80 and 443, with the SSH port and WireGuard ports open. ICMP is also open.
WireGuard external IP(s) are whitelisted and can bypass all of the LAN rules.
This problem also goes away instantly when all traffic is allowed on the interface...
It's a constant 20-24 hour cycle.
The services over WireGuard don't stop working. They just start taking minutes to resolve and load. At first I thought it was a peering issue between myself and the server, but then noticed that allowing all traffic fixes the problem.
My assumption is that because I have such a tight restriction on LAN traffic, there may be a cache issue or communication issue between all of the servers on my LAN. Perhaps an ARP cache issue?
I'm running the latest OPNsense version, upgraded today.
Which ports/protocols do I need to open on LAN for servers to communicate with each other internally?