Why using FW rules? Can't you simply configure the host with a fake gateway adress?This way I am blocking a smart TV from WAN but granting LAN access. Moreover there is no need for the firewall to process anything.
I guess my question is:Why doesn't using WAN addresses as a destination in the firewall rule work? What is "WAN Addreses" used for, if not for packets marked with a destination on the WAN address?
Destination: WANCounterintuitively, this doesn't work for blocking LAN clients access to the WAN.
That would possibly block packets to OPNsense itself and certainly wouldn’t work if you were running multiple VLANs/subnets that you wanted access to