Device access restriction

I have a device that I don't trust but I want to use it anyway. the device ip address is and I want to restrict it's internet access and I want it to be abe to reach only device in my local network. can you please guide me how should I do it?

Use VLAN, they are on same subnet so it won't go through the router by default.