Hello, I have little idea about network stuff. I've been using a TL-WR1043N router for many years, it's currently running an OpenWrt 19.07.7. A friend once set up the router for me.
I have a problem, I have to work from home now because of Corona. I have created a virtualbox VM with Windows 10 in "bridged network" mode. So it is for the router a device with its own MAC and IP address. I do not want the VM to access my network, it should only have internet access.
I only ever find instructions on Google to create wireless networks for guests. I'm afraid to do something wrong, and then Internet no longer works.
This is going to be... a challenge, due to the way bridged/NAT/host-only networking works with VirtualBox.
Off the top of my head, one way it might be possible to achieve your intended goal is to stick your VM host behind a separate firewall, segregating it from the rest of your network. Configure that firewall to allow your VM host to access the things it usually accesses, and to allow your Windows VM guest access only to the Internet.
Another way it might be possible is to set up a second VM with OpenWRT (or the firewall of your choice). Configure the Windows guest to use Host-Only networking, and configure the OpenWRT/firewall VM's LAN interface on the same Host-Only network and its WAN interface on the Bridged network. Then configure the firewall in the OpenWRT/firewall VM to allow the Windows guest to talk only to the Internet and not to anything else on the network. Here's a diagram to illustrate the idea:
Bear in mind that, by default, OpenWRT is very permissive outbound. If you want to limit outbound traffic you'll need to write bespoke rules for the LAN->WAN traffic.
Depends for what purpose. You want to allow a host to access everything while denying a guest access to anything. The host and the guest share the same physical link. That poses a significant challenge.
As a quick test, I spun up a set of Windows and OpenWRT VMs to test my idea. I was able to block the Windows VM from talking to my LAN (192.168.69.0/24), and allow the Windows VM access to the Internet (0.0.0.0/0).
For the purpose of this test, the OpenWRT VM was configured with its WAN set to DHCP (bridged network) and the LAN interface (Host only) set to 192.168.43.1/24 (only because 192.168.1.0/24 is used elsewhere here and I wanted to avoid conflicts).
The Windows guest was configured with a single interface (Host only) set to DHCP, so it picked up an IP address in the 192.168.43.0/24 range from the OpenWRT VM. It picked up the address 192.168.43.231.
Here are the entire contents of /etc/config/firewall from the OpenWRT VM:
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option disable_ipv6 '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config rule
list proto 'all'
option name 'Deny LAN'
list src_ip '192.168.43.231'
option dest 'wan'
list dest_ip '192.168.69.0/24'
option src 'lan'
option target 'REJECT'
config rule
list proto 'all'
option name 'Allow Internet'
list src_ip '192.168.43.231'
option dest 'wan'
list dest_ip '0.0.0.0/0'
option src 'lan'
option target 'ACCEPT'
Just to emphasize what iplaywithtoys has raised, your problems are more related to configuring the hypervisor's (virtualbox) networking than with OpenWrt itself.
In theory, the situation could be rather simple - segregate a dedicated VLAN on your TL-WR1043ND (which probably is a bit marginal and could profit from an upgrade), pass only this VLAN through to your VM - but I don't know if virtualbox offers this (with qemu-kvm, I'd create a tap interface, with the VM's WAN as bridge member of this interface).