How to properly enable WAN traffic on a bridge

[Fionn]

Hi

I have created a bridge (consisting of 4 ports) on a mini pc and there is an additional port for WAN
Created an alias for "home network" IP ranges 192../10../172...
On the bridge I created a rule:
   Action: Pass
   Interface: bridge
   Direction: in
   TCP/IP Version: IPv4 (I dont care about IPv6)
   Protocol: any
   Source: home network (alias)
   Destination: home network (alias)
   Log packets that are handled by this rule -> enabled

With that in place LAN connections are working fine, without it there was always something blocked (made me crazy), and I don't want to restrict LAN only communication (at least not yet).
My plan is if I want to block something on LAN I create a new rule for that specific case and put it above this rule on the bridge. Is this rule ok from safety point of view? Or does it pose some threat where I should pay extra attention to?

With that internet is still not working at all on anything in the LAN other than opnsense itself.
So I created a 2nd rule for the bridge
   Action: Pass
   Interface: bridge
   Direction: in
   TCP/IP Version: IPv4
   Protocol: any
   Source: home network (alias)
   Destination: any
   Log packets that are handled by this rule -> enabled

I tested on the Destination with "inverted home network alias" (works) the any (works) wan net (fails) wan address (fails) options. Which is the proper one to go with? I found this https://forum.opnsense.org/index.php?topic=18755.msg85870#msg85870 helpful info but still not sure
And again: Is this rule ok from safety point of view? Or should I place this on the WAN interface with an out Direction?

Thanks for the help