I am using the default block policy of drop, and for my internal traffic I want users to know immediately that they're doing something that is forbidden rather than thinking the network has a problem.
For a quick test, I changed an existing rule which was passing traffic to block return:
from:
pass in quick on wired proto icmp from {$zone_w $zone_s}
to:
block return-icmp in quick on wired proto icmp from {$zone_w $zone_s}
However, that doesn't seem to work as expected; I can tell that the ping packets are being dropped.
Lastly, I set the global block policy to return and then also removed the above configuration and replaced it with block out quick on wan. That was still dropping packets as best as I could tell.