I have machines in a VLAN and I need to have them access all but not get out to the internet.
I have tried this (and lots of other options) but nothing is working. I simply need to block internet access and allow all other access.
From how I understand this rule to work, all access except WAN network should be allowed.
Outbound traffic still needs to be specifically blocked; the default deny rule only applies to inbound traffic.
OK, fixed by explicitly allowing only internal traffic by listing all networks in an Alias and then associating the alias with an allow rule. All else was by default blocked.
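
A small first-match model of the two rule sets discussed in this thread, added here as an example and not taken from any poster's configuration. The addresses, the rule tuples, and the reading of "WAN network" as only the subnet of the WAN interface are assumptions.

```python
import ipaddress

# Constructed addressing (assumption, not from the thread).
WAN_NET = ipaddress.ip_network("203.0.113.0/24")   # subnet of the WAN interface only
INTERNAL_ALIAS = [ipaddress.ip_network(n) for n in
                  ("10.0.10.0/24", "10.0.20.0/24", "10.0.30.0/24")]

# A rule is (action, networks, negate): it matches when the destination is
# inside `networks`, or outside them when `negate` is True.
ATTEMPTED = [("pass", [WAN_NET], True)]        # pass to anything that is not "WAN network"
WORKING = [("pass", INTERNAL_ALIAS, False)]    # pass only to the alias of internal networks


def in_any(addr, nets):
    """True when addr falls inside at least one of the networks."""
    return any(addr in net for net in nets)


def evaluate(rules, dst):
    """First matching rule wins; traffic matching no rule hits the default deny."""
    addr = ipaddress.ip_address(dst)
    for action, nets, negate in rules:
        if in_any(addr, nets) != negate:
            return action
    return "block"


def audit(rules, destinations):
    """Verdict for each destination, as seen from a host in the restricted VLAN."""
    return {dst: evaluate(rules, dst) for dst in destinations}


# Constructed destinations: two internal hosts, the WAN gateway, and two
# addresses standing in for internet hosts (documentation ranges).
SAMPLES = ["10.0.20.5", "10.0.30.9", "203.0.113.1", "198.51.100.7", "192.0.2.53"]

if __name__ == "__main__":
    for name, rules in (("attempted", ATTEMPTED), ("working", WORKING)):
        print(name)
        for dst, verdict in audit(rules, SAMPLES).items():
            print(f"  {dst:<14} {verdict}")
```

Under these assumptions the negated rule passes every internet destination, because those addresses sit outside the WAN subnet, while the alias rule leaves them to the default deny.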