I have 2 rules in my firewall to block one client from using the wan network.
config rule
option name 'Block-CLIENT-to-WAN'
list proto 'all'
option src 'lan'
option src_mac '02:12:34:56:78:90'
option dest 'wan'
option target 'REJECT'
---> Passes on firewall restart and works.
config rule
option name 'Block-WAN-to-CLIENT'
list proto 'all'
option src 'wan'
option dest 'lan'
option src_mac '02:12:34:56:78:90'
option target 'REJECT'
---> Doesn't pass on firewall restart and therefore probably also doesn't work.
Firewall log
Warning: Option @rule[12].dest_mac is unknown
Is the 2nd rule even neccessary and can it even work?