Firewall rules for LAN not honored
I have 3/5 ports in use for LAN, 2/5 for WAN (failover LB over WAN1 + WAN2). While the FW rules work just fine for outbound connections, I have trouble getting the same rules applied to LAN-to-LAN connections:
e.g. I have a [TP-Link TL-SG108] switch connected to LAN port #3. I have my WLAN router connected to LAN port #4.
One of my servers is connected to the switch (which is connected to port #3 on the router). I disabled some service, e.g. DNS (both TCP and UDP), from the WLAN to the LAN server. Nevertheless, I can connect to the [DNS] service. Applying the same rule to outbound connections works as expected: the connection to the [DNS] service is blocked.
The rule is:
ID, Name, Source, Destination, Policy, Service Type, Interface, Effective Time
1, test, ANY, ANY, Block, DNS, LAN, Any
and changing only the Interface to ANY or WAN1/WAN2 disables the service for the WANs (or WAN1/WAN2). The LAN is always allowed, regardless of the setting. The router has been rebooted multiple times after applying [new] rules.
Why are the LAN connections not blocked by my rule(s), and/or how can I block LAN-to-LAN connections to selected service(s)?