@phillipmcmahon I thought part of the idea with ZBF was to be able to group interfaces with similar trust levels into zones rather than have to set up zones/rules for each. What I ended up doing was creating a zone for each interface except for the Mullvad one. Because it functions as a WAN interface and is trusted no better than my normal WAN, I went ahead and assigned it to the WAN zone. Everything works fine so far. I can appreciate the concept and power of ZBF and the rules are obviously a bit easier to understand since you create one for each traffic flow versus just IN/OUT/local. Not sure what I personally gained by setting it up versus sticking with interface-assigned rules though. Maybe I’m missing the point.