This will block the router, not the lan.
@mdp716 delete forwarding from lan to wan. Then create a rule to allow the desired source mac addresses from lan to wan.
uci add firewall rule
uci add_list firewall.@rule[-1].proto='all'
uci set firewall.@rule[-1].name='test'
uci set firewall.@rule[-1].dest='wan'
uci set firewall.@rule[-1].target='ACCEPT'
uci set firewall.@rule[-1].src='lan'
uci add_list firewall.@rule[-1].src_mac='00:11:22:33:44:55'
uci add_list firewall.@rule[-1].src_mac='00:66:77:88:99:AA'
uci add_list firewall.@rule[-1].src_mac='MORE_MACS'
uci -q delete firewall.@forwarding[0]
uci commit firewall
service firewall restart