Video about DNS blocking with pfBlockerNG starts with two rules on LAN interface designed to restrict DNS queries to servers on the LAN (which includes the pfSense box).
The rule basically says “DNS query from system on LAN to server on LAN is OK”. But won’t such a query stay on the LAN, and never get routed by pfSense? So why do you need the rule?
If it’s needed to allow queries to the pfSense box, couldn’t the pass rule just say traffic destined for port 53 on “this firewall (self)”?
I’ve also developed a habit with rules to use “LAN net” rather than “any” for source. This catches someone who spoofs their IP address to a non-LAN one. Although return routing would fail in such a case.
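As an added illustration of the rule set the question is about (hand-written pf syntax rather than the pfSense GUI, and not taken from the video or from pfBlockerNG), here is one way to express “LAN hosts may only talk DNS to the firewall itself, nothing else” with a LAN-net source restriction. The interface name `lan`, the `lan:network` macro and the `(self)` destination are assumptions; pfSense generates equivalent rules from the GUI, and the first rule only ever sees traffic that actually reaches the firewall, since LAN-to-LAN queries are switched, not routed.

```pf
# Added example, not from the original post or from pfBlockerNG.
# Assumes the LAN interface is named "lan".

# Resolver queries from a genuine LAN address to the firewall's own
# DNS listener are allowed. "(self)" covers every address the box holds.
pass in quick on lan proto { tcp udp } from lan:network to (self) port 53

# Any other DNS traffic entering from LAN is dropped and logged:
# a client pointed at an external resolver, or a packet whose source
# is not a LAN address at all (spoofed or misconfigured host).
block in log quick on lan proto { tcp udp } from any to any port 53
```

Because the pass rule uses `lan:network` as the source, a packet arriving on the LAN interface with a non-LAN source address falls through to the block rule and shows up in the firewall log, which is the only place such a host would be noticed (its replies could never be routed back to it anyway).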