WaterByWind / edgeos-bl-mgmt

Automated updating of EdgeOS firewall network-group to be used as source address blacklist
MIT License

What about applying these rules also for egress traffic? #20

Open gparmeggiani opened 3 years ago

gparmeggiani commented 3 years ago

I'm thinking of the specific case of a malware talking to its C&C server via UDP. These rules won't block the upload traffic. Given the growing number of ransomware with the goal of stealing private data, an upload-only UDP connection should be enough for them for their job.

WaterByWind commented 3 years ago

The rules can apply wherever you apply them - that is entirely up to you.

If you want to add a rule to the 'out' direction on an interface (such as your WAN) then you absolutely can do so. There is nothing preventing that.
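
An egress rule of the kind described above, as an added example that is not part of the thread or the project's own configuration. The ruleset name `WAN_OUT`, rule number `10`, interface `eth0` and group name `BLACKLIST_GROUP` are placeholders; substitute the WAN interface and the network-group that the script maintains on your router.

```edgeos
configure

# Assumption: no 'out' ruleset is attached to the WAN interface yet.
# A new ruleset defaults to 'drop', so set the default to accept
# explicitly or all forwarded egress traffic will be blocked.
set firewall name WAN_OUT default-action accept
set firewall name WAN_OUT description 'Egress filter on WAN'

# For outbound traffic the blacklisted address is the destination,
# so match the group as destination rather than source.
set firewall name WAN_OUT rule 10 action drop
set firewall name WAN_OUT rule 10 description 'Drop traffic to blacklisted networks'
set firewall name WAN_OUT rule 10 destination group network-group BLACKLIST_GROUP
set firewall name WAN_OUT rule 10 protocol all

# Log hits: an internal host matching this rule is worth investigating.
set firewall name WAN_OUT rule 10 log enable

# Attach the ruleset to the 'out' direction of the WAN interface
# (eth0 is a placeholder).
set interfaces ethernet eth0 firewall out name WAN_OUT

commit
save
exit
```

Because the rule matches on protocol `all`, it covers the upload-only UDP case raised in the question as well as TCP.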