Basically, I want to block some cheap Chinese IoT devices from accessing my home network but still let them connect to the Internet (otherwise, they do not work).
To do this, I moved the Wi-Fi network to which those Chinese IoT devices are connected to a separate interface (named "badnetwork"). I assigned a different C class address to that interface. As a test, I connected my phone to that Wi-Fi network. The phone could connect to the Internet but also to my home network (named "lan"). How can I block devices connected to "badnetwork" from accessing devices connected to "lan"?
I was trying to follow this page but I could not understand it well. The firewall zone looks like this. "badzone" is the firewall-zone assigned to "badnetwork".