We are trying to offer free wifi to our client visiting the restaurant but we don’t want them to have access to our work LAN or access to the firewall GUI.
I order my rules with allow first then followed by reject.
However, doesn’t sound sensible to “share” your LAN with the public, I’d set up a separate vlan for guests, then you have total control over that vlan instead of finding out that later you made an error and exposed your network.