I have created a number of VLAN's on my pfsense firewall. Each VLAN can talk to a single infrastructure vlan but not each other. All VLAN's should be able to talk to the internet.
The guides online show how to configure this kind of setup. They have you block inter-VLAN traffic and then have a catch all rule at the end that allows all other traffic. Here is an example: https://calvin.me/mymedia/uploads/2014/09/9.png
This may be the way to do it, but I wonder if there is a way to have the firewall rules setup so that you only allow WAN traffic. I tried Source: VLAN2, Destination: WAN, but that did not work. If I add Source: *, Destination : * it works, but I want to avoid that.
Is this possible?