Firewall/NAT

I am running multi-nics each with a specific VLAN ID Attached and some rules to control access.

Thus far I can only get internet access on VLANS that get the firewall rule with the wildcard "*" as the destination. If I narrow it down and specify WAN for example it fails.

Any idea how I can control net access to VLANS / NICS and why is my firewall rule failing?

Note: I have edited and re-checked the firewall rule over and over but ONLY if that stupid wildcard is in place is it possible to use the internet. This is bad simply because I cannot allow that specific VLAN to cross over.

Any help is always appreciated.

That is correct behavior.

Say you are on Vlan 3, you need to add block rules to Vlan 1 and 2 if you want to stop them from talking to each other and then alllow access to *

The issue is your machines on your vlans don't access your WAN IP, they are accessing whatever IP that DNS resolves for www.website.com.  So you need to allow access to * at some level.  All ports or limit it to 53, 80 and 443 if you only want web access.

Remember rules are checked top down.

Hope this helps a little.