Without some form of firewall rules, I tried to access a machine on LAN from OPT1. This went through; shouldn't this be disallowed by default?
If you have no firewall rules on OPT1 at all you should not be able to access anything from OPT1. Everything is blocked by default. If you have recently removed rules you may have to clear the state table or reboot.
OK, is the only thing I have to do to use the last rule in your wifi2rules.jpg on all my LANs, including the default LAN, to block access between them?
Yes that will block access between them because it only allows access to not LOCAL addresses.
With the rules I linked to in my first post I didn't need the DNS forward rule you have set up; it worked without!
That's because those rules do not block access to the DNS forwarder. In that case you are allowing access to everywhere that is not LAN, that includes the DNS forwarder at the GUEST address.
Do I use the last rule on the default LAN (wifi2rules.jpg) to prevent default LAN users from accessing OPT1 and OPT2?
Why do I need rules for my default LAN when I have added a rule for my OPT1 and OPT2 to not access the default LAN? Shouldn't the block work both ways?
You can use the same !LOCAL rule on LAN or, as Wallabybob said above, you can leave the default rules and add specific block rules above it. Personally I prefer to have as few rules as I can to achieve the same result.
The existing rules on OPT1-2 will not block traffic from LAN because the firewall rules only filter packets coming into the interface. Once a packet is inside pfSense it can exit on any interface.
6. Are there more rules I need to set up a server on one of my OPT LANs? Is it only to add the ports I want outside (WAN) to the OPT LAN interface afterwards?
As Wallabybob said, if you want to run, for example, a web server and have it publicly available, you need to set up a port forward, which will add the appropriate firewall rules for you.
7. I can't see that you have blocked access to your web GUI?
I have allowed access only to addresses which are not local (!LOCAL). Since the pfSense webGUI is a local address it is blocked.
It is very unlikely that you will ever see pfSense using 'colours' for interfaces. It is considered somewhat crude. A bit 'my first firewall'!
The default setup is one WAN and one LAN in which the firewall rules and DHCP server are all set up for you. I suppose it could be possible to choose from a number of common templates when you install to get you started. As I said, pfSense is far more scalable; you can't please everyone all the time, and colour-coded interfaces just don't make sense on a box with 50 interfaces.
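The per-interface behaviour discussed in this thread (default deny, rules applied only to packets entering an interface, and the !LOCAL pass rule) can be modelled in a few lines. This is an added example, not part of the original posts and not pfSense code; the subnets, host addresses, and the names `LOCAL`, `evaluate` and `scenarios` are assumptions chosen for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed addressing (assumption): LAN, OPT1 and OPT2 subnets form the LOCAL alias.
LOCAL = [ip_network(n) for n in ("192.168.1.0/24", "192.168.10.0/24", "192.168.20.0/24")]

def match_dst(spec, dst):
    """Match a destination against 'any', the negated LOCAL alias, or a CIDR."""
    if spec == "any":
        return True
    if spec == "!LOCAL":
        return not any(ip_address(dst) in net for net in LOCAL)
    return ip_address(dst) in ip_network(spec)

def evaluate(rulesets, in_iface, dst, port):
    """Decide a new connection using only the rules of the interface it arrives on."""
    for action, spec, rule_port in rulesets.get(in_iface, []):
        if match_dst(spec, dst) and rule_port in (None, port):
            return action              # first matching rule wins
    return "block"                     # nothing matched: default deny

# Rules are (action, destination, port); port None means any port.
ALLOW_ANY = ("pass", "any", None)              # default LAN rule
NOT_LOCAL = ("pass", "!LOCAL", None)           # the !LOCAL rule from the thread
DNS_TO_FW = ("pass", "192.168.10.1/32", 53)    # DNS forwarder on the OPT1 address (assumed)

def scenarios():
    no_rules = {"LAN": [ALLOW_ANY], "OPT1": []}
    opt1_only = {"LAN": [ALLOW_ANY], "OPT1": [NOT_LOCAL]}
    with_dns = {"LAN": [ALLOW_ANY], "OPT1": [DNS_TO_FW, NOT_LOCAL]}
    both = {"LAN": [NOT_LOCAL], "OPT1": [DNS_TO_FW, NOT_LOCAL]}
    return {
        "opt1_to_lan_no_rules": evaluate(no_rules, "OPT1", "192.168.1.50", 445),
        "opt1_to_lan": evaluate(opt1_only, "OPT1", "192.168.1.50", 445),
        "opt1_to_internet": evaluate(opt1_only, "OPT1", "203.0.113.7", 443),
        "opt1_to_webgui": evaluate(opt1_only, "OPT1", "192.168.10.1", 443),
        "opt1_dns_without_rule": evaluate(opt1_only, "OPT1", "192.168.10.1", 53),
        "opt1_dns_with_rule": evaluate(with_dns, "OPT1", "192.168.10.1", 53),
        # OPT1's rules never see traffic that entered on LAN.
        "lan_to_opt1_default_lan": evaluate(opt1_only, "LAN", "192.168.10.20", 22),
        "lan_to_opt1_not_local": evaluate(both, "LAN", "192.168.10.20", 22),
    }

if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:28} {verdict}")
```

The model covers only the decision for a new connection; reply traffic for an already permitted connection is handled by the state table, which is why existing states may need clearing after rules are removed.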