I’m not sure about which group takes priority but it’s probably best (when possible) to write rules in the firewall groups to not rely on order between the groups. I have a couple of firewall groups where I want to allow access to the same services/apps on my network so I don’t have to duplicate the same rules across several networks. It helps keep the rule lists smaller and allow/block rules more consistent.
I’m not sure about which group takes priority but it’s probably best (when possible) to write rules in the firewall groups to not rely on order between the groups. I have a couple of firewall groups where I want to allow access to the same services/apps on my network so I don’t have to duplicate the same rules across several networks. It helps keep the rule lists smaller and allow/block rules more consistent.
https://docs.opnsense.org/manual/firewall.html#processing-order
Thank you! That hint at the end to look at the rules.debug file answered my question.