My guess is that by doing this, the subnet 172.16.3.0/24 will not be able to reach the internet anymore, because it won’t be able to reach the uplink subnet, which is also an RFC1819 network. So in my opinion you would need to make an Allow rule with 172.16.3.0/24 as the source and the uplink subnet as the destination, above the Deny rules.