We want to block all out bound except for those applications we want to allow out like HTTP on 80 and 443 for example.
Is it best to place the rule on the WAN interface over the LAN due to the fact that if more LAN interfaces are created you only have one interface to edit?
Is it best to place the rule on the WAN interface over the LAN due to the fact that if more LAN interfaces are created you only have one interface to edit?
Firewall rules should be created on the interface that traffic enters, so the LAN interface in this case. If you're using some type of configuration management for your rules (which you should be doing), duplicating rules for an additional inside interface is trivial task.
