I use the RFC alias above to reject access from a subnet to other private networks. After this rule there is the ipv4 pass this net to any rule.
So far so good, well, what I don't understand is that I can access any node on the same subnet in my case 192.168.5.x (I would think the alias would also block access to nodes on the same subnet). The only one I cannot access is the firewall 192.168.5.1?
You both are right of course. Now I have I blocked access between nodes on the same subnet using client Isolation on the AP.