OK, those are a lot of questions; I will try to answer them one by one.
Have you been adding this rule in /etc/firewall.user since the issue you describe in Post No. 1...or did you try elsewhere first???
I had this rule added to /etc/firewall.user and working before I posted
Did you try any other method (i.e. RAW rules)
No
Are you simply asking for a button or something to basically say "Place this rule in the Linux default FORWARD table"?
Basically yes. Not exactly in the default FORWARD table, zone "forwarding_rule" would also be fine.
Basically...it seems like you want to make something that exempts a PHY, in a zone-based system...on the same layer-of-abstraction???
Not sure I understand this question correctly. My requirement is to drop established connections when the current time frame matches the configured one in the rule. Preferably the "OpenWRT way".
Can you tell us about some of the security considerations you've had to make in your use case?
No security considerations, as I am blocking additional traffic. Main purpose: "block children's devices from the internet during sleep time"
Are you sure -o wan is your rule?
I want to block traffic that goes to the internet, so I am assuming this is correct.
Do you intend for this rule to stop the established,related connection that began with an inbound or (e.g. 1st timer expired and ongoing) UDP too???
I want to block any kind of connection to the internet.
Doesn't a DROP forward from ANY (or MAC) to WAN at the very top of the Traffic Rules work also??? (i.e. zone-based syntax)
I have not tried that, but what would be the difference to a "REJECT" here?
You can specify a specific interface in the advanced tab
The interface does not seem to be important. I want to block traffic to the WAN zone.
I hope I have answered the questions in a helpful way. I am not an expert on OpenWRT level and also not on networking level, so maybe my knowledge is simply not good enough to discuss on your level. No offense!