Thank you for your attention, I understand you about the ball.
in the local network, some machines should have access to the Internet to resources from
only the white list, clients are connected via wifi,
I tried different solutions found in the community, maybe something broke in the configuration, I can draw conclusions about the necessary sections
no, there are only two addresses, if I understood you correctly, you need to add
1 - /etc/config/firewall
config rule
option name 'whitelist'
list proto 'all'
option src 'fox'
option ipset 'allow-fox'
option dest 'wan'
option target 'ACCEPT'
config ipset
option name 'whitelist'
option family 'ipv4'
list match 'dest_ip'
2 - /etc/config/dhcp
config ipset
list name 'whitelist'
option table_family 'inet'
list domain 'ipchicken.com'
list domain 'ipleak.net'
3 - add traffic rules for mac adress - advanced settings -
use ipset - whitelist
source mac adress - 11:22:33:44:55:66