How to block any private networks destination IPs (10.0.0.0/8. 172.16.0.0/12, 192.168.0.0/16) to be forward to WAN?
When I forget to connect VPN to work I wouldn't like to forward this packages to WAN and it should REJECT those packages so I'll know immediately about it (don't have to wait to TIMEOUT).
Addresses in those ranges will never go to the WAN interface as they are not routable externally. Your computer is sending out packets to the switch side of the router with a destination that it does not have in it's ARP table so the packets are silently ignored. You would need a LAN rule to reject connections to 10.0.0.0/8 from your subnet / LAN interface.
