Internet blocking for a specific client

Hi All,

I want to block Internet only for clients with specific MAC addresses in my Access Point. What would be the appropriate approach for this?

I know a few, like:

  1. Blackholing the DNS server for that client, but that client can always circumvent it using a proxy or manual DNS.
  2. Using iptables to block the entire traffic, but I am not confident in this approach as iptables has its own limitations.

Please let me know if there are any other good approaches I can take.


Thanks, I'll look it over.

Or provide a bogus gateway IP through DHCP.

Or put everyone in a VLAN with firewall zone Input reject settings. Like the way to isolate webcams etc.
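
The iptables option raised in the question, sketched as an added example that is not part of the thread: it prints (without applying) per-MAC rules that reject traffic forwarded out of the WAN interface, for both IPv4 and IPv6, so local access still works. It assumes the access point routes client traffic rather than only bridging it; the interface name `eth0`, the function names and the MAC addresses are placeholders.

```shell
#!/bin/sh
# Added example: dry-run generator for per-MAC Internet blocking rules.
# Nothing is applied; review the printed commands before running them.

# Succeeds only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# gen_block_rules WAN_IF MAC...
# Prints one iptables and one ip6tables rule per MAC. All MACs are checked
# first, so a malformed entry returns 1 and prints no rules at all
# (a partial rule set is never produced).
gen_block_rules() {
    wan_if=$1
    shift
    for mac in "$@"; do
        valid_mac "$mac" || { echo "invalid MAC: $mac" >&2; return 1; }
    done
    for mac in "$@"; do
        # Normalise to upper case so the rule list is easy to diff.
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
        # IPv6 needs its own rule; blocking IPv4 alone leaves a path open.
        for cmd in iptables ip6tables; do
            echo "$cmd -I FORWARD -o $wan_if -m mac --mac-source $mac -j REJECT"
        done
    done
}

# Constructed sample input: placeholder interface and MAC addresses.
gen_block_rules eth0 00:11:22:aa:bb:cc 00:11:22:33:44:55
```

The `mac` match keys on an address the client chooses for itself, so this works as a policy control for known devices rather than strong enforcement.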