Topic: Why cant you choose WAN as destination?  (Read 2151 times)
« on: May 11, 2009, 15:41:29 »
Seb74
Posts: 115

When making a rule, I can set LAN subnet and WLAN subnet and OPT1 subnet and so on under DESTINATION, but I can't set WAN. I can only set WAN Address, which only blocks/allows the particular IP on the outside, but not anything else out on the web.

Is there any reason for this being so?
I mean, it would be hard in pure IP numbers to write that rule in text; it would be allow/block everything, but not LAN subnet, not WLAN subnet, not OPT1 subnet and so on... I guess maybe that's the reason: there usually is no simple defined subnet out on the WAN interface, WAN is meant to be everything else.

Would make it easier to write rules though.
For example if I want to only allow OPT1 to talk out through WAN. Now you have to say "block LAN, block WLAN, block VLAN18, block VLAN 58, allow the rest", to make OPT1 only talk out through WAN.
Instead of "Allow WAN" and then a default block all after that.

Could anyone explain? I don't mind it being like this, my rules are already set up, I just want to understand why it is as it is.
« Reply #1 on: May 12, 2009, 23:13:20 »
brushedmoss
Posts: 446

It's just that there is no pre-made group 'all interfaces but WAN', and maybe 'all interfaces, secondary IPs and static routes'.

I am assuming you are using private IP space inside your network, say 192.168.0.x for example? (I'm guessing this from your other posts.) Given this, you can make a single rule like: allow all traffic in OPT1 that is NOT destined for 192.168.0.0/16. Remember everything that isn't explicitly passed is blocked by default.

And with one rule you achieve your goal.
« Reply #2 on: May 12, 2009, 23:19:50 »
Seb74
Posts: 115

> It's just that there is no pre-made group 'all interfaces but WAN', and maybe 'all interfaces, secondary IPs and static routes'.
>
> I am assuming you are using private IP space inside your network, say 192.168.0.x for example? (I'm guessing this from your other posts.) Given this, you can make a single rule like: allow all traffic in OPT1 that is NOT destined for 192.168.0.0/16. Remember everything that isn't explicitly passed is blocked by default.
>
> And with one rule you achieve your goal.

Oh yeah, that's right, didn't think of that... instead of a rule for every damn local subnet I can bunch them all together like that.

Thanks for that, maybe stupid I didn't think of it myself but sometimes you get locked into the wrong thinking... or however to explain it with correct English :)
« Reply #3 on: May 13, 2009, 11:04:35 »
Seb74
Posts: 115

> It's just that there is no pre-made group 'all interfaces but WAN', and maybe 'all interfaces, secondary IPs and static routes'.
>
> I am assuming you are using private IP space inside your network, say 192.168.0.x for example? (I'm guessing this from your other posts.) Given this, you can make a single rule like: allow all traffic in OPT1 that is NOT destined for 192.168.0.0/16. Remember everything that isn't explicitly passed is blocked by default.
>
> And with one rule you achieve your goal.

Well, almost at least ;)
If I do like this, then traffic destined for the default gateway is blocked.
So even if it seems internet access is possible, all DNS queries and god knows what else, NetBIOS stuff and so on, is blocked. So, I will need to add an extra rule to allow all traffic to the local interface... maybe except port 80 if I don't want the isolated network to try logging in to m0n0wall.

But sure, still lots easier than a special block rule for every other local network.
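To make the rule logic in this thread concrete, here is an added example (not from the thread or from m0n0wall itself) that models m0n0wall's first-match, default-block evaluation for traffic entering OPT1: the single "not 192.168.0.0/16" rule beside the version with the extra rule for the gateway address. Addressing is constructed: OPT1 is 192.168.5.0/24 with the firewall's OPT1 address (the isolated segment's gateway and DNS forwarder) at 192.168.5.1, and rules are simplified to a destination match plus an optional destination port.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption): m0n0wall's OPT1 address is 192.168.5.1,
# which is the gateway and DNS forwarder for hosts on the isolated OPT1 segment.
OPT1_ADDRESS = ip_address("192.168.5.1")
PRIVATE = ip_network("192.168.0.0/16")   # all local subnets, as in the thread


def evaluate(rules, dst, port):
    """First-match evaluation of rules on traffic entering OPT1.

    A rule is (action, dst_match, dst_port); dst_port None matches any port.
    No matching rule means the packet is blocked, m0n0wall's default.
    """
    dst = ip_address(dst)
    for action, match, rule_port in rules:
        if match(dst) and (rule_port is None or rule_port == port):
            return action
    return "block"


# brushedmoss's one-liner: pass anything NOT destined for the private range.
ONE_RULE = [("pass", lambda d: d not in PRIVATE, None)]

# Seb74's follow-up: the gateway itself sits inside 192.168.0.0/16, so add a
# rule for the OPT1 address ahead of it (first match wins). The port 80 block
# keeps the isolated segment away from the m0n0wall web GUI.
WITH_GATEWAY_RULE = [
    ("block", lambda d: d == OPT1_ADDRESS, 80),
    ("pass", lambda d: d == OPT1_ADDRESS, None),
    ("pass", lambda d: d not in PRIVATE, None),
]


def check(rules):
    """Verdicts for a few constructed flows from a host on OPT1."""
    return {
        "web to internet": evaluate(rules, "203.0.113.10", 443),
        "dns to gateway": evaluate(rules, "192.168.5.1", 53),
        "gui on gateway": evaluate(rules, "192.168.5.1", 80),
        "smb to lan host": evaluate(rules, "192.168.1.20", 445),
    }


if __name__ == "__main__":
    for name, rules in (("one rule", ONE_RULE),
                        ("with gateway rule", WITH_GATEWAY_RULE)):
        print(name, check(rules))
```

Run it and the single rule shows "dns to gateway" as block, which is exactly the symptom described above, while the three-rule set passes DNS to the gateway, still blocks the GUI port and still isolates the other local subnets.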