Is it possible to block a device from accessing the Internet but allow LAN?

I have a broken laptop which I use as a camera NVR monitor, I want to disable access to the internet completely but allow for my camera system. Right now I have windows 10 updates disabled using apps found online so that the laptop would not restart at all. Is it possible to define a device in the firewall to block internet access but allow local LAN?

Local LAN is allowed by default and a bit difficult to block anyway.
If the laptop has static IP or static DHCP lease, you could add a firewall rule to drop traffic from LAN zone source IP towards the WAN.

6 Likes is the IP of the camera, so dropping traffic from that IP to the WAN would make the camera unable to access the Internet. What OP is trying to do is keep the laptop from accessing the Internet, so that Windows 10 updates (which Microsoft forces) won't cause it to reboot.

So it sounds like OP should apply your suggestion, but using the IP address of the laptop, not the camera.


Yes, if I misinterpreted that IP .45 is of the camera's and not the laptop's, then he should use the IP of the laptop as source rule.

1 Like
  • I believe that installing adblock and enabling the Winspy list will accomplish the same thing
  • This user wanted to do something similar: Applying firewall rules

Or as already noted, completely blocking the laptop from reaching WAN should work too.

I don't think you need to do anything from the OpenWrt router.

Just set the laptop's Windows network settings with static IP and leave the "gateway" IP empty (or at

That way it will work for LAN devices but it can't reach the Internet, as the "gateway IP" is the IP of the router that provides internet access.

1 Like