Something like this
iptables -I FORWARD -m mac --mac-source xx:xx:xx:xx:xx:xx -m conntrack --ctstate ESTABLISHED,RELATED -j DROP
and this to allow access again:
iptables -D FORWARD -m mac --mac-source xx:xx:xx:xx:xx:xx -m conntrack --ctstate ESTABLISHED,RELATED -j DROPeven just dropping all packets from that mac, but the question is how to get that into the firewall early enough that it hasn't been accepted already 
iptables -I FORWARD -m mac --mac-source xx:xx:xx:xx:xx:xx -j DROP
Of course that will shut off outgoing packets not incoming
@YvanCB it looks like the "forwarding_rule" chain executes before the ACCEPT of established,related traffic so if you can add your rule to that chain, it should work. I'm not sure how to inject a rule into a specific chain using UCI but you could do it with a command line:
iptables -A forwarding_rule ...
Hello,
Thank you dlakelan, hisham, rj-45 and lleachii.
Can I add 'iptables" rules in the custom rules tab of the firewall :
It seems that these rules are active just after the firewall start (or re-start).
Regards.
True!
I'm not sure, but it's possible to use ban-ip (luci-app-banip) to block discord ip's, then with crontab you can set
the block time, someone maybe have better idea.
Yes you could use that tab to add your time based rules to the "forwarding_rule" chain, where it will be run before the accept of established,related traffic
Thanks you. I will try when I have enough time.
Regards.
For what it's worth, I'm blocking ports 50001-50010 and that seems to work.