After some playing around, I think firewalls are slightly less confusing. I just wanted to run my setup by you folks.
I have LAN, CCTV, MAIN, and GUEST firewall zones.
LAN is for trusted devices, CCTV is self-explanatory, MAIN includes an IPTV and VoIP set up I prefer to keep off the LAN zone, and GUEST is...guest.
I want to make sure CCTV has no access to the router or the internet. I want MAIN to have access to the internet but not to the router. The same goes for GUEST, obviously.
And, of course, I don't want WAN having any input access to anything. Well, you get what I mean.
Does that look about right? No gaping holes in the layout?