Date: 2022-03-31

OpenSource Ghost said: If I create a LAN-Out firewall rule that drops all traffic, except TCP and UDP packets where:

Source = my LAN subnet, Destination = any network

If I create a LAN-Out firewall rule that drops all traffic, except TCP and UDP packets where:

Source = any network, Destination = my LAN subnet

You have to imagine it from the perspective of the firewall itself, and think in packets and not connections. I'm guessing you're testing from a LAN host?

These are blocked because any packets leaving the router/firewall via the LAN interface (e.g., those coming from the WAN) will not have a source IP address in the LAN's subnet.

As expected. A packet leaving the firewall via the LAN interface would be expected to have a source IP address of virtually anything, and a destination as a LAN IP address.
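The per-packet reasoning in the reply above, as an added example that is not part of the original posts: a stateless model of the two LAN-Out rules, evaluated against packets leaving the firewall through the LAN interface. The subnet `192.168.1.0/24`, the sample addresses and all names in the code are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed LAN subnet (constructed)
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str


@dataclass(frozen=True)
class AcceptRule:
    """Accept TCP/UDP matching src/dst; everything else is dropped."""
    src_net: object
    dst_net: object
    protos: tuple = ("tcp", "udp")

    def matches(self, pkt):
        return (pkt.proto in self.protos
                and ip_address(pkt.src) in self.src_net
                and ip_address(pkt.dst) in self.dst_net)


def lan_out(rule, pkt):
    """Verdict for one packet leaving the firewall via the LAN interface."""
    return "accept" if rule.matches(pkt) else "drop"


RULE_SRC_LAN = AcceptRule(src_net=LAN, dst_net=ANY)  # first rule in the thread
RULE_DST_LAN = AcceptRule(src_net=ANY, dst_net=LAN)  # second rule in the thread

# Constructed packets as seen on LAN-Out: all are headed to a LAN host.
PACKETS = {
    "wan_tcp_reply": Packet("tcp", "203.0.113.7", "192.168.1.10"),
    "wan_udp_reply": Packet("udp", "203.0.113.53", "192.168.1.10"),
    "other_vlan_tcp": Packet("tcp", "192.168.20.5", "192.168.1.10"),
    "wan_icmp_reply": Packet("icmp", "203.0.113.7", "192.168.1.10"),
}


def verdicts(rule):
    return {name: lan_out(rule, pkt) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for label, rule in (("src=LAN", RULE_SRC_LAN), ("dst=LAN", RULE_DST_LAN)):
        print(label, verdicts(rule))
```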