Linksys WRT1900AC v1, OpenWrt r19337, internet via PPPoE
I have a device (embedded computer, IOT) that must only connect to the internet via a proxy server (with filtering) running on my OpenWrt router. It must never access the internet directly. I can't trust the OS / software to always keep it's proxy gateway settings unmodified and never bypass them, nor try to call home disregarding those settings if the proxy refuses the connection.
One solution would be to connect this device to a dedicated router port that I remove from the bridge and LAN zone and deactivate all packet forwarding for that port.
How safe is this? I'm worried about a possible "race condition". There are routers known to bridge even WAN and LAN ports for a few seconds while booting. Is this the case for all routers with embedded switches? Is there a chance for the PPPoE to connect before the restricted port is removed from the firewall LAN zone?
Any other suggested solution?
Thanks!