pfSense - How to allow traffic only to the internet for part of hosts?

I have computers on my network that I want to allow access to LAN resources - I created an alias with their IP addresses (LAN_WHITELIST). For the other devices I would like to do Internet access only.

So I have also created an alias for private networks: 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 - INTERNAL_NET.

My rules look as follows:

That is, I pass LAN_WHITELIST to INTERNAL_NET. I block not LAN_WHITELIST to INTERNAL_NET. The rest of the rules are default.

Right now:

• the computers with LAN_WHITELIST have access to the Internet and to the LAN servers. This is OK.
• the computers outside of LAN_WHITELIST do not have access to the Internet, but they do have access to the LAN servers. This is WRONG.

How do I correct the rules to make this work as I need it to?

EDIT: Just understood that I need to give access to the pfSense for non LAN_WHITELIST hosts, because they receive its address as DNS (192.168.0.1). So now it looks !LAN_WHITELIST have Internet access.

EDIT2: May it be that the traffic doesn't go via router, so I can't block it with firewall rules? All hosts and servers are in the same local network.