Blocking devices from the internet while using wan>wireguard in the firewall, how?

I found enough guides on the internet on how to block certain devices from reaching the internet: you make firewall traffic rules that reject lan>wan for the MAC addresses specified on the Advanced tab.
I tried to set it up like this, but it's not working, not even after a reboot. I can see that something has changed, as the connections seem unstable, but they still connect to the internet, at least sometimes.

This is probably because I also use a WireGuard interface, and in the firewall settings I have set wan>wireguard adapter, so that all traffic is forced to go over WireGuard if devices want to access the internet.

So I thought I would create a second traffic rule in the firewall that would also reject the outgoing WireGuard traffic. So I had two rules: one that rejects lan>wireguard adapter, and a lan>wan reject rule, with all the correct MAC addresses added on the Advanced tab.

How do they still have internet? What can I do to make them available locally but reject their internet access?

Thanks!
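The two REJECT rule sets described in the post (lan>wan and lan>WireGuard zone, matched on source MAC) written out as OpenWrt uci commands, as an added example that is not part of the original post. It assumes the LAN zone is named `lan`, the WireGuard interface belongs to a firewall zone named `wg` (check `uci show firewall` for the zone whose `network` option lists the WireGuard interface), and the MAC addresses are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): emit OpenWrt uci commands that
# REJECT forwarded traffic from selected LAN MAC addresses into every zone that
# leads to the internet, i.e. both "wan" and the zone holding the WireGuard
# interface.  Assumed names: LAN zone "lan", WireGuard zone "wg".  The MACs are
# constructed samples.

INET_ZONES="wan wg"
BLOCKED_MACS="AA:BB:CC:00:00:01 AA:BB:CC:00:00:02"

# Print the uci commands for one rule (zone + MAC).  A forwarding rule needs both
# src and dest zones; a rule without dest only covers traffic addressed to the
# router itself, so a lan>wan rule alone never sees packets forwarded to "wg".
rule_cmds() {
    zone="$1"
    mac="$2"
    name="block_${zone}_$(printf '%s' "$mac" | tr -d ':' | tr 'A-F' 'a-f')"
    cat <<EOF
uci set firewall.${name}=rule
uci set firewall.${name}.name='${name}'
uci set firewall.${name}.src='lan'
uci set firewall.${name}.src_mac='${mac}'
uci set firewall.${name}.dest='${zone}'
uci set firewall.${name}.proto='all'
uci set firewall.${name}.family='any'
uci set firewall.${name}.target='REJECT'
EOF
}

# Print the complete command set for every zone/MAC pair, then commit and reload.
all_cmds() {
    for z in $INET_ZONES; do
        for m in $BLOCKED_MACS; do
            rule_cmds "$z" "$m"
        done
    done
    echo "uci commit firewall"
    echo "/etc/init.d/firewall reload"
}

# Only print the commands so they can be reviewed before being applied.
all_cmds
```

On the router the output can be reviewed and then piped through `sh` to apply it; devices using randomized (per-network) MAC addresses will not match a rule keyed on their hardware MAC.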