For some reason this common operation is undocumented and I'm quite sure I'm not the only one who wants to do this. I did try using the Zones section although that resulted in no traffic going anywhere.
Keep in mind that you still need to have firewall rules in place above this line if you want any outgoing traffic to be passed out such as http etc.
- Login and navigate using the Menu: Network --> Firewall and after that Traffic Rules
- Go to "New forward rule:", name it WAN Block or whetever you prefer.
- Enter the rest as below:
Restrict to address family: IPv4 and IPv6 Protocol: TCP + UDP Match ICMP type: any Source zone: lan Source MAC address: any Source address: any Source port: any (empty) Desination zone: wan Destination address: any Distination port any (empty) Action: reject
Remember that it should always be placed last.