I installed pfSense 2.4.1 to replace my Asus AC68U as my router, and purchased a Ubiquiti UAP-AC-PRO for my wireless. So far so good, but I had one thing I REALLY wanted done with this new firewall that my old one could not do, and that was properly blocking all traffic going OUT, except NTP, and DNS to resolve those NTP entries. So my setup was as follows:
If you want me to get into each of the rules, let me know and I can. It works great, as I can see it allowing the NTP and DNS entries. This works best if your DNS server is your router/gateway. If it is not, you will have to substitute in what your DNS servers are. I am waiting for something to call home, so I can then report that to FDT, my camera manufacturer, and ask them WHY is it calling home?!
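An added example, not part of the original post: a small Python triage script that reads pfSense `filterlog` lines and lists what the camera tried to reach and was blocked from, plus any passed traffic that is not DNS or NTP. It assumes the raw filter log CSV layout for IPv4 TCP/UDP entries; `CAMERA_IP`, the addresses and every log line below are constructed.

```python
import csv
from collections import Counter

CAMERA_IP = "192.168.10.50"            # assumed camera address (constructed)
ALLOWED = {("udp", 53), ("udp", 123)}  # DNS and NTP: the only egress the post permits

# Constructed sample log lines in the raw filterlog CSV layout (IPv4 only).
SAMPLE_LOG = """\
Nov 12 10:00:01 fw filterlog: 80,,,1510000001,igb1,match,pass,in,4,0x0,,64,1111,0,none,17,udp,76,192.168.10.50,192.168.10.1,40000,53,56
Nov 12 10:00:02 fw filterlog: 81,,,1510000002,igb1,match,pass,in,4,0x0,,64,1112,0,none,17,udp,76,192.168.10.50,203.0.113.10,123,123,56
Nov 12 10:05:00 fw filterlog: 90,,,1510000009,igb1,match,block,in,4,0x0,,64,2222,0,DF,6,tcp,60,192.168.10.50,198.51.100.7,51000,443,0,S,123456789,,29200,,mss
Nov 12 10:05:03 fw filterlog: 90,,,1510000009,igb1,match,block,in,4,0x0,,64,2223,0,DF,6,tcp,60,192.168.10.50,198.51.100.7,51001,443,0,S,123456790,,29200,,mss
Nov 12 10:06:00 fw filterlog: 90,,,1510000009,igb1,match,block,in,4,0x0,,64,2224,0,none,17,udp,48,192.168.10.50,198.51.100.9,40010,8000,28
Nov 12 10:07:00 fw filterlog: 90,,,1510000009,igb1,match,block,in,4,0x0,,64,3333,0,none,17,udp,48,192.168.10.60,198.51.100.9,40011,8000,28
"""

def parse_filterlog(line):
    """Return the fields of one IPv4 TCP/UDP filterlog entry, or None."""
    payload = line.partition("filterlog: ")[2]
    f = next(csv.reader([payload]), [])
    # Indexes: 6 action, 8 IP version, 16 protocol, 18 src, 19 dst, 21 dst port
    if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None
    return {"action": f[6], "proto": f[16], "src": f[18],
            "dst": f[19], "dport": int(f[21])}

def review_camera_egress(log_text, camera_ip=CAMERA_IP):
    """Count blocked destinations and list passed flows outside the allow-list."""
    blocked, leaked = Counter(), []
    for line in log_text.splitlines():
        entry = parse_filterlog(line)
        if entry is None or entry["src"] != camera_ip:
            continue
        key = (entry["dst"], entry["proto"], entry["dport"])
        if entry["action"] == "block":
            blocked[key] += 1          # a "call home" attempt the rules stopped
        elif (entry["proto"], entry["dport"]) not in ALLOWED:
            leaked.append(key)         # passed traffic the rule set should not allow
    return blocked, leaked

if __name__ == "__main__":
    blocked, leaked = review_camera_egress(SAMPLE_LOG)
    for (dst, proto, port), hits in blocked.most_common():
        print(f"blocked {hits}x: {CAMERA_IP} -> {dst} {proto}/{port}")
    print("unexpected passes:", leaked or "none")
```

For the block entries to appear at all, logging has to be enabled on the block rule for the camera's interface.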