Best way to prohibit internet access

Question on Firewall settings/best practices: If I want to prohibit an entire zone from accessing the internet, is it better to create a Rule or to go to Network > Firewall > General Settings > Zones > Edit and un-check everything under Allow forward to destination zones?

I'm pretty tech adventurous but not an engineer and definitely a newb when it comes to firewalls. Thanks!

If you want to prevent an entire zone from reaching the internet, simply remove the zone forward from <zone name> -> wan. (If that doesn't exist now, no action required.)

No other rules are required. This assumes, of course, that you don't have other firewall rules that allow wan access, but that would be the exception, not the rule.

2 Likes
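An added example (not part of the original replies, and not OpenWrt's own tooling): a shell function that reads a config in the `/etc/config/firewall` format and lists what still lets a zone reach wan, covering both the zone forward and the exception rules the reply mentions. The function names, zone names and sample config are constructed for illustration.

```shell
# Added example: list the sections of an OpenWrt firewall config that still
# let <zone> reach wan. Usage: zone_wan_paths <zone> [config-file]
# Reads stdin when no file is given. Only explicit ACCEPT rules are flagged.
zone_wan_paths() {
    awk -v zone="$1" '
    function flush(   n) {
        if (type == "forwarding" && o["src"] == zone && o["dest"] == "wan")
            print "forwarding " zone " -> wan"
        n = (o["name"] == "") ? "(unnamed)" : o["name"]
        # dest "*" in a rule means any destination zone, wan included
        if (type == "rule" && o["enabled"] != "0" && o["src"] == zone &&
            (o["dest"] == "wan" || o["dest"] == "*") && o["target"] == "ACCEPT")
            print "rule " n
        split("", o)                      # reset options for the next section
    }
    $1 == "config" { flush(); type = $2; next }
    $1 == "option" {
        key = $2; val = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)   # drop "option key"
        gsub(/^['\''"]|['\''"][ \t]*$/, "", val)            # drop quotes
        o[key] = val
    }
    END { flush() }
    ' "${2:--}"
}

# Constructed sample config (not taken from the thread).
sample_config() {
cat <<'EOF'
config forwarding
    option src 'guest'
    option dest 'wan'

config rule
    option name 'Guest-HTTPS'
    option src 'guest'
    option dest 'wan'
    option target 'ACCEPT'

config rule
    option name 'Guest-Old'
    option enabled '0'
    option src 'guest'
    option dest 'wan'
    option target 'ACCEPT'
EOF
}

sample_config | zone_wan_paths guest
```

On a router this would be run as `zone_wan_paths guest /etc/config/firewall`; empty output means neither a zone forward nor an enabled ACCEPT rule gives that zone a path to wan.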

Cool, thanks! Yeah, I wondered after I posted whether I could simply remove the zone forward. Good to know!

1 Like