IOT Network Firewall Rule confusion

See the Images below. When configured like the first image, my IOT devices are able to talk to my home network. But when configured like this second image, they stop working.

I’m assuming this means I don’t understand the difference between using Block and using !Invert.

At first sight it looks like it ought to work.

If I look at my rules … I’ve defined an alias for all vlan subnets.

My Guest & IoT only have internet access, my other vlans can see the Guest and IoT.

On my Guest / IoT I have a rule to allow traffic out of WAN with !ALL_VLANS as the destination. Followed by a rule for Reject traffic with destination of ALL_VLANS.

The main difference I can see is that you have not included your IoT vlan in your alias. You are using Aliases in your source; perhaps you have an error there, I’ve only ever put the vlan.

My guess is that you have a conflict in your alias somewhere, based on how many you have (seems a lot perhaps). Don’t think block and/or invert is the issue.
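A small first-match rule evaluator, added here as an illustration and not part of the thread, for the two-rule pattern described above (pass to !ALL_VLANS, then reject to ALL_VLANS). It shows that "!" is a match modifier on the destination while Block/Reject is an action, and that any subnet missing from the alias silently falls through the pass rule. Subnets and alias names are constructed sample values; first-match ("quick") evaluation is assumed.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample aliases. ALL_VLANS_INCOMPLETE is missing one VLAN,
# the kind of gap the reply above suggests checking for.
ALIASES = {
    "ALL_VLANS": ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24"],
    "ALL_VLANS_INCOMPLETE": ["192.168.10.0/24", "192.168.20.0/24"],
}


@dataclass
class Rule:
    action: str            # "pass" or "reject" (the rule's Action)
    dst_alias: str         # destination alias name
    invert: bool = False   # the "!" (invert) checkbox on the destination


def in_alias(addr: str, alias: str) -> bool:
    """True if addr falls inside any network of the named alias."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(net) for net in ALIASES[alias])


def evaluate(rules, dst: str, default: str = "reject") -> str:
    """First-match evaluation: the first rule whose destination matches
    decides; invert flips whether alias membership counts as a match."""
    for rule in rules:
        matched = in_alias(dst, rule.dst_alias) != rule.invert
        if matched:
            return rule.action
    return default


def iot_rules(alias: str):
    """The two-rule pattern from the thread, parameterised on the alias."""
    return [
        Rule("pass", alias, invert=True),   # allow anything NOT internal
        Rule("reject", alias),              # reject anything internal
    ]


def check(alias: str) -> dict:
    """Verdicts for an internet host, a covered VLAN and the third VLAN."""
    targets = ("1.1.1.1", "192.168.10.5", "192.168.30.7")
    return {dst: evaluate(iot_rules(alias), dst) for dst in targets}


if __name__ == "__main__":
    print(check("ALL_VLANS"))             # 192.168.30.7 -> reject
    print(check("ALL_VLANS_INCOMPLETE"))  # 192.168.30.7 -> pass (gap)
```

Run it against your own alias contents to confirm every internal subnet ends up as "reject" before trusting the !ALL_VLANS pass rule.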

Seems like the fault was related to using the Alias as the source. Once I changed the source to IOT net, everything started working. I didn’t see anything obviously wrong with the Alias though… hmm

Afterwards I changed my IOT and Guest networks to use the same rules you mentioned. Couldn’t think of a good reason for why I was doing it my way.