I know how to create the rule, but my question is on best practice from a security/pfSense standpoint.
Does the gateway routing policy rule in A suffice? As in, anything going to the normal LAN would be routed out to the Failover gateway and be lost, or is it best to follow B and put an invert Destination filter?
I am not clear on exactly what your goal is.
So I’m planning out my rules in Excel, hence why it's not a screenshot of the pfSense rule page.
But my end goal is to keep VLAN10 from talking to the rest of the network. My understanding is both rule-set A and B will achieve this, but which one is the preferred way?
Assuming you want VLAN 10 to get out to the internet but not to other local networks, you could just create an alias for RFC 1918 networks and create a rule with the destination !RFC1918ALIAS, but you will need a rule above it to allow DNS if you are using pfSense for DNS.
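
The rule order suggested in the last reply can be checked on paper before it is entered into pfSense. The following is an added example, not part of the thread and not pfSense code: a small first-match evaluator for the two rules (DNS to the firewall, then pass to !RFC1918ALIAS) with an implicit block at the end. The VLAN10 subnet, the firewall address and the rule names are constructed for illustration.

```python
import ipaddress

# Contents of the alias the reply calls RFC1918ALIAS.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed values for illustration (not from the thread).
VLAN10_NET = ipaddress.ip_network("192.168.10.0/24")
FIREWALL_VLAN10_IP = ipaddress.ip_address("192.168.10.1")

def in_rfc1918(ip):
    return any(ip in net for net in RFC1918)

# Rules on the VLAN10 interface, top to bottom; the first match wins.
RULES = [
    {"name": "allow-dns-to-firewall", "action": "pass",
     "match": lambda p: (p["dst"] == FIREWALL_VLAN10_IP and p["port"] == 53
                         and p["proto"] in ("udp", "tcp"))},
    {"name": "allow-not-rfc1918", "action": "pass",
     "match": lambda p: not in_rfc1918(p["dst"])},
]

def evaluate(src, dst, proto, port, rules=RULES):
    """Return (action, rule name) for a packet entering the VLAN10 interface."""
    pkt = {"src": ipaddress.ip_address(src), "dst": ipaddress.ip_address(dst),
           "proto": proto, "port": port}
    # Every rule in this sketch uses source "VLAN10 net".
    if pkt["src"] not in VLAN10_NET:
        return ("block", "default-deny")
    for rule in rules:
        if rule["match"](pkt):
            return (rule["action"], rule["name"])
    return ("block", "default-deny")  # nothing matched: implicit block

if __name__ == "__main__":
    # Constructed sample traffic from one VLAN10 host.
    samples = [
        ("203.0.113.10", "tcp", 443),   # internet host
        ("192.168.1.20", "tcp", 445),   # host on another local network
        ("192.168.10.1", "udp", 53),    # DNS on the firewall
        ("192.168.10.1", "tcp", 443),   # firewall web GUI
    ]
    for dst, proto, port in samples:
        print(dst, proto, port, "->", evaluate("192.168.10.50", dst, proto, port))
```

Passing `rules=RULES[1:]` shows why the DNS rule has to sit above the inverted match: the firewall's own VLAN10 address is inside RFC 1918 space, so DNS to it falls through to the implicit block.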