Can't reach web GUI after changing LAN interface settings

[m8mu25]

Topology and systems:

- Protectli Vault FW2B (router) to Raspberry Pi 4 (management) over Ethernet
- OPNsense 23.7; vga; no minor updates
- Raspberry Pi OS 64-bit (latest)

I am setting up my first OPNsense network.  I successfully installed OPNsense, logged into the web GUI (via LAN), and logged into the console.  I found that after changing certain settings under Interfaces > [LAN] and clicking [Apply changes]...

1. I can no longer reach the web GUI (Firefox and Chromium time out).
2. I can no longer log in as my admins user via console ("This account is currently not available.").

Settings include...

- Prevent interface removal > True
- Block bogon networks > True
- MAC Address > {randomly generated}

I initially tried these settings in combination with others.  I have since reinstalled OPNsense multiple times, minimizing changes to try each of these settings independently.  (I also rolled back any related settings in RPi OS, such as rules in /etc/nftables.conf.)  Sometimes, the browser hangs immediately after applying one; other times, I must reboot my Vault to find I can't reach the web GUI.

To fix this, I have tried...

- Closing each browser and deleting their user settings.
- Reconnecting the Ethernet cable between my RPi and Vault.
- Running `dhclient -rv`.
- Reconnecting and creating new connections via `nmcli` and the NetworkManager GUI.
- Rebooting my RPi and Vault.
- Logging into the console as root and resetting the LAN interface via option 2.
- Speaking with the (excellent) tech support at Protectli.

My only thought left is to avoid changing the LAN interface settings.  Any new ideas are greatly appereciated.

[pasha-19]

None of the referenced documents are Opnsense specific.  I read documentation in general that says DHCP requires the requesting computer (client) identified as 0.0.0.0 to send a request to 255.255.255.255 ("broadcast" to the unknown "magic" DHCP server) to secure an IP address for the client machine.  I found another document that indicates 255.255.255.255 is considered a bogon in some circumstances.  Blocking 255.255.255.255 FROM the internet (WAN) is desirable (to the internet is often used to get a DHCP IP address for the WAN side of the router).  Blocking it on the LAN could break the DHCP mechanism.  Perform an ifconfig (in terminal) to see if your Raspberry PI has an interface address.  If not setting an appropriate static IP address could get you access to the router to open it back up to processing DHCP requests.  The automatic rules open the ports for DHCP requests however I cannot see in the automatic rules when BOGON addresses are dropped on the interface.