DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Help with setup of strict firewall (multi-WAN setup).

06 Oct 2018 06:46 #1 by logart
Hello, I just bought a DrayTek 2926n device. I'm a noob in networking, so I want to ask for some help.

I need to run a server with 2 WAN lines (cable modem and LTE USB modem) for failover. I need high uptime and security. I want to apply a strict firewall to one specific device in the LAN. Meaning I want to close all the WAN>LAN and LAN>WAN ports, only allowing traffic to the ports I will need on that device.

I've read tutorials but I still don't get it :/

I was curious about VLAN and managed to assign 192.168.2.1 to the wireless LAN. Now wireless is LAN 2. I want to make a test on a wireless computer and see if I can block all ports and only allow traffic on the ports I will want.

I will be really grateful if I get help :)


10 Oct 2018 01:07 #2 by logart
Any feedback?


10 Oct 2018 10:45 #3 by hopkins35
My advice would be to change the default firewall rule in Firewall >> General Setup >> Default Rule >> Filter from 'pass' to 'block'. This means that all inbound connections would be blocked by default. You can set up your allowed connections by creating new rules in the default data filter or create and name a new set. Inbound connections should be set as WAN -> LAN/RT/VPN, source IP would be any unless you're only allowing from a fixed IP, destination IP would be your server's IP and service type would be the protocol and port or ports in question (source port would normally be 1-65535 with the destination port fixed, e.g. destination port 443 TCP for HTTPS to a webserver).


11 Oct 2018 05:32 #4 by logart

hopkins35 wrote: My advice would be to change the default firewall rule in Firewall >> General Setup >> Default Rule >> Filter from 'pass' to 'block'. This means that all inbound connections would be blocked by default. You can set up your allowed connections by creating new rules in the default data filter or create and name a new set. Inbound connections should be set as WAN -> LAN/RT/VPN, source IP would be any unless you're only allowing from a fixed IP, destination IP would be your server's IP and service type would be the protocol and port or ports in question (source port would normally be 1-65535 with the destination port fixed, e.g. destination port 443 TCP for HTTPS to a webserver).

After I changed Default Rule >> Filter from pass to block, all traffic was shut down from all my LAN.

Then I put in the settings you told me, enabling port 443 TCP/UDP to see if Chrome was working. Nothing...

I'm confused with source IP and destination IP. The IP of my device in the LAN is 192.168.2.10; is that the destination IP? And the source IP?


11 Oct 2018 11:25 #5 by hopkins35
You've essentially run before you can walk by creating a VLAN. How many subnets have you got set up? Do you have devices with IP addresses in the 192.168.1.x and 192.168.2.x ranges? If so, when you change the default rule from pass to block you will prevent the two subnets from communicating with each other. If you wish to keep your current setup (and I would advise against it until you understand the basics a bit more), you will need to create two LAN > LAN rules, both with address type set as Subnet Address and subnet mask as 255.255.255.0; one will have the source IP address set as 192.168.1.0 and destination 192.168.2.0, and the other rule will be the reverse of that, allowing communication between the two subnets.

However I recommend that you ditch the VLAN and multiple subnets and concentrate on working out your firewall rules correctly. You can use the diagnose functionality of the firewall to see how a certain type of data will be handled, whether allowed or blocked.

If you keep your default rule set to block you will need to allow outbound communications by creating a rule that's set as LAN > WAN and leave all IPs and service types set to 'Any'. Bear in mind how the firewall will work: it will inspect where a data packet is coming from, where it's going to and what protocol it uses, and it will then work its way down your list of rules for instruction on whether to allow or block it. If you set your default rule to 'block', it will work its way through your rules and if it doesn't find a rule telling it to allow the connection then it will block it. Therefore, if you have a rule 2 saying allow this and a rule 3 saying block this, it will be allowed because rule 2 comes first. It is therefore useful to have 'catch all' rules like allow all outbound LAN > WAN, mentioned above, at the end of a filter set or, better still, in its own filter set called 'catch all rules' or something like that. Also note that at the bottom of a filter set there is an option for 'Next Filter Set'; make sure you set this if you have too many rules to fit in one set or if you create another like the 'catch all' set to organise them.

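The rule-matching behaviour described in posts #3 and #5 (default rule 'block', first matching rule wins, catch-all outbound rule at the end) can be checked against a small model. The following is an added example written for this thread, not DrayTek firmware code and not a post from the forum: the direction labels, the Rule and Packet fields and the remote address 203.0.113.5 are assumptions chosen to illustrate the logic, and the model ignores connection state. It reproduces why the poster's single inbound rule on port 443 leaves the server's own browser traffic blocked, what the LAN > WAN 'Any' rule changes, why the two LAN > LAN subnet rules are needed, and why rule order decides when two rules overlap.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Packet:
    direction: str  # "WAN>LAN", "LAN>WAN" or "LAN>LAN" (assumed direction labels)
    src: str
    dst: str
    proto: str      # "TCP" or "UDP"
    dport: int


@dataclass
class Rule:
    name: str
    direction: str
    action: str                  # "pass" or "block"
    src_net: str = "0.0.0.0/0"   # "Any" in the GUI
    dst_net: str = "0.0.0.0/0"
    proto: Optional[str] = None  # None = any protocol
    dport_lo: int = 1            # destination port range; 1-65535 = any port
    dport_hi: int = 65535

    def matches(self, p: Packet) -> bool:
        """A rule applies only if direction, both addresses, protocol and port all fit."""
        return (self.direction == p.direction
                and ip_address(p.src) in ip_network(self.src_net)
                and ip_address(p.dst) in ip_network(self.dst_net)
                and (self.proto is None or self.proto == p.proto)
                and self.dport_lo <= p.dport <= self.dport_hi)


def evaluate(rules: List[Rule], p: Packet, default: str = "block") -> Tuple[str, str]:
    """First-match evaluation: walk the list top-down, apply the first matching
    rule, and fall back to the default rule (set to 'block' here) otherwise."""
    for r in rules:
        if r.matches(p):
            return r.action, r.name
    return default, "default rule"


# Constructed sample addresses: the server from the thread and a hypothetical remote host.
SERVER = "192.168.1.11"
REMOTE = "203.0.113.5"

# The one rule the original poster created: inbound HTTPS from anywhere to the server.
INBOUND_HTTPS = Rule("allow HTTPS to server", "WAN>LAN", "pass",
                     dst_net=SERVER + "/32", proto="TCP", dport_lo=443, dport_hi=443)
# The 'catch all' outbound rule from post #5: LAN > WAN with everything left as Any.
CATCH_ALL_OUT = Rule("allow all outbound", "LAN>WAN", "pass")
# The pair of LAN > LAN rules from post #5 that let two subnets talk to each other.
CROSS_SUBNET = [
    Rule("LAN1 to LAN2", "LAN>LAN", "pass", "192.168.1.0/24", "192.168.2.0/24"),
    Rule("LAN2 to LAN1", "LAN>LAN", "pass", "192.168.2.0/24", "192.168.1.0/24"),
]


def browser_traffic(rules: List[Rule]) -> Tuple[str, str]:
    """The server's own outbound HTTPS request (LAN>WAN), e.g. Chrome loading a page."""
    return evaluate(rules, Packet("LAN>WAN", SERVER, REMOTE, "TCP", 443))


def inbound_to_server(dport: int, proto: str = "TCP") -> Tuple[str, str]:
    """Unsolicited WAN>LAN traffic to the server on a given port."""
    rules = [INBOUND_HTTPS, CATCH_ALL_OUT]
    return evaluate(rules, Packet("WAN>LAN", REMOTE, SERVER, proto, dport))


def between_subnets(src: str, dst: str, with_rules: bool) -> Tuple[str, str]:
    """LAN>LAN traffic with or without the two subnet rules in place."""
    rules = CROSS_SUBNET if with_rules else []
    return evaluate(rules, Packet("LAN>LAN", src, dst, "TCP", 445))


def rule_order(second: str, third: str) -> Tuple[str, str]:
    """Rule 2 and rule 3 both match the same outbound traffic; the earlier one wins."""
    rules = [Rule("rule 2", "LAN>WAN", second), Rule("rule 3", "LAN>WAN", third)]
    return browser_traffic(rules)


if __name__ == "__main__":
    print("only inbound rule, Chrome:", browser_traffic([INBOUND_HTTPS]))
    print("plus catch-all, Chrome:   ", browser_traffic([INBOUND_HTTPS, CATCH_ALL_OUT]))
    print("inbound TCP/443:          ", inbound_to_server(443))
    print("inbound TCP/22:           ", inbound_to_server(22))
    print("rule 2 pass, rule 3 block:", rule_order("pass", "block"))
```

With only the WAN > LAN rule in place, `browser_traffic` falls through to the default rule and is blocked, which is the symptom in post #4; adding the LAN > WAN 'Any' rule makes it pass while inbound traffic to anything other than TCP/443 on the server is still blocked by the default rule. The `rule_order` check shows the first-match point from post #5: swapping the actions of rule 2 and rule 3 flips the result.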

11 Oct 2018 21:51 #6 by logart

hopkins35 wrote: You've essentially run before you can walk by creating a VLAN. How many subnets have you got set up? Do you have devices with IP addresses in the 192.168.1.x and 192.168.2.x ranges? If so, when you change the default rule from pass to block you will prevent the two subnets from communicating with each other. If you wish to keep your current setup (and I would advise against it until you understand the basics a bit more), you will need to create two LAN > LAN rules, both with address type set as Subnet Address and subnet mask as 255.255.255.0; one will have the source IP address set as 192.168.1.0 and destination 192.168.2.0, and the other rule will be the reverse of that, allowing communication between the two subnets.

However I recommend that you ditch the VLAN and multiple subnets and concentrate on working out your firewall rules correctly. You can use the diagnose functionality of the firewall to see how a certain type of data will be handled, whether allowed or blocked.

If you keep your default rule set to block you will need to allow outbound communications by creating a rule that's set as LAN > WAN and leave all IPs and service types set to 'Any'. Bear in mind how the firewall will work: it will inspect where a data packet is coming from, where it's going to and what protocol it uses, and it will then work its way down your list of rules for instruction on whether to allow or block it. If you set your default rule to 'block', it will work its way through your rules and if it doesn't find a rule telling it to allow the connection then it will block it. Therefore, if you have a rule 2 saying allow this and a rule 3 saying block this, it will be allowed because rule 2 comes first. It is therefore useful to have 'catch all' rules like allow all outbound LAN > WAN, mentioned above, at the end of a filter set or, better still, in its own filter set called 'catch all rules' or something like that. Also note that at the bottom of a filter set there is an option for 'Next Filter Set'; make sure you set this if you have too many rules to fit in one set or if you create another like the 'catch all' set to organise them.

I reset the router and there is no VLAN anymore. I went back to factory settings. I use 192.168.1.11 now, and the default rule is on block. Still no luck.

I already tried with source IP ANY and destination 192.168.1.11 in both rules.
