Hello everyone,
I would like to block one device from communicating outside my LAN.
So I just created rule number 5:
0 chain=forward action=passthrough
1 chain=forward action=accept ipsec-policy=in,ipsec
2 chain=forward action=accept ipsec-policy=out,ipsec
3 chain=forward action=fasttrack-connection connection-state=established,related
4 chain=forward action=accept connection-state=established,related,untracked
5 chain=forward action=drop src-address=192.168.0.52 in-interface-list=LAN log=yes log-prefix="device_drop:"
6 chain=forward action=drop connection-state=invalid
7 chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN
So that will block that machine from initiating any connection, but if I'm correct, it will not block it if I need to access it, right?
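A simplified first-match model of the rule list in the post above, added here as an illustration and not part of the original post or of RouterOS itself. The names `RULES`, `matches`, `evaluate` and `pkt`, the packet fields, and the address 203.0.113.10 are constructed; the model assumes IPsec traffic is absent (rules 1 and 2 are left out), treats passthrough and fasttrack-connection as non-terminating, and accepts a packet that matches no rule.

```python
# Simplified model of the posted forward chain (constructed example, not RouterOS code).
# Each rule: (number from the post, action, conditions that must all match).
RULES = [
    (0, "passthrough", {}),
    (3, "fasttrack-connection", {"state": {"established", "related"}}),
    (4, "accept", {"state": {"established", "related", "untracked"}}),
    (5, "drop", {"src": "192.168.0.52", "in_list": "LAN"}),
    (6, "drop", {"state": {"invalid"}}),
    (7, "drop", {"state": {"new"}, "dstnat": False, "in_list": "WAN"}),
]

def matches(cond, packet):
    """True when every condition of a rule matches the packet."""
    for key, want in cond.items():
        have = packet[key]
        if isinstance(want, set):
            if have not in want:
                return False
        elif have != want:
            return False
    return True

def evaluate(packet):
    """Return (verdict, rule number); rule number is None for the default accept."""
    for num, action, cond in RULES:
        # Modelling assumption: only accept and drop end rule processing.
        if matches(cond, packet) and action in ("accept", "drop"):
            return action, num
    return "accept", None

def pkt(src, in_list, state, dstnat=False):
    """Build one constructed sample packet."""
    return {"src": src, "in_list": in_list, "state": state, "dstnat": dstnat}

if __name__ == "__main__":
    samples = {
        "device opens a new connection": pkt("192.168.0.52", "LAN", "new"),
        "device replies on an existing connection":
            pkt("192.168.0.52", "LAN", "established", dstnat=True),
        "port-forwarded connection to the device":
            pkt("203.0.113.10", "WAN", "new", dstnat=True),
        "unsolicited connection from WAN": pkt("203.0.113.10", "WAN", "new"),
    }
    for label, p in samples.items():
        print(f"{label}: {evaluate(p)}")
```

In this model the device's replies are accepted by rule 4 before rule 5 is evaluated, so rule 5 only ever sees packets that start a new connection from 192.168.0.52.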