Limit WiFi WAN access to only allow Android devices to confirm internet

OK, first, I'm in a real hurry/desperate. I'm doing live streaming and having problems with others using the same connection and disrupting the stream (I think). My apologies if this was already addressed somewhere else.

For now, I've removed everyone and am only allowing certain MAC addresses. The problem is I have to allow a couple of Android devices to access LAN devices. Android does this irritating thing of prompting for allowing the connection even though there is no internet access, which is confusing for those users. There is also a long-term bug with just checking yes to allow always. So....

I want to be able to allow whatever is necessary to make Android happy that it has internet access but block everything else.

I know I can use QoS and I have already installed SQM for dealing with bufferbloat, but I want to make sure the stream is going well before working on prioritization. I'm not that familiar with iptables and can't afford to screw up and wreck the stream.

Thanks for any help (especially in revealing the secret of how Android checks for internet access).

Since you have SQM installed, set up for Cake with Diffserv 4, ECN enabled, then ensure your video conferencing software is using DSCP marks (in Zoom, that is set by the primary account owner), and use AF33 (30) for the video and leave audio at CS7 (40). That way video will land in the video tin ahead of best effort, and the audio goes to the VoIP tin with the highest priority.
That's the most straightforward, guaranteed to keep videoconferencing running smoothly method I know.

Thanks for the info. Working on things now. I'm using OBS (normal). Will that change things for bufferbloat?

obs on osx? using the rtmp protocol? I've hit all kinds of problems with that; scaling down the resolution and frame rate to more closely match your available bandwidth is the only thing that works.

Not OSX, Windows 10. Things are going well, but I still need to keep users from using the internet. Really just need to allow Android devices to confirm internet access without actually being able to do anything else.

this is quite a contradictory requirement unless you have local services that these users should be able to access.

afaik the connectivity check tries to fetch something from Google via plain HTTP, but this may be different for newer versions of Android.

a captive portal might offer what you want ... but imho you would be better off just denying access outright if you don't want them to use it.
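
An added example, not from any poster in the thread: a small LAN responder for the plain-HTTP connectivity check mentioned in the last reply, which answers the probe with an empty 204 and refuses everything else. It assumes the AOSP default probe hosts and paths (vendors may use others), and that local DNS on the router points those names at the machine running this script while WAN forwarding for the devices stays blocked.

```python
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: AOSP default probe hosts and paths; vendor builds may differ.
PROBE_HOSTS = {"connectivitycheck.gstatic.com", "www.google.com"}
PROBE_PATHS = {"/generate_204", "/gen_204"}
LISTEN_PORT = 80  # the probe uses plain HTTP; binding port 80 needs privileges


def probe_status(method, host, path):
    """Return 204 for a connectivity probe, 403 for any other request."""
    hostname = (host or "").split(":")[0].strip().lower()
    bare_path = path.split("?", 1)[0]
    if (method in ("GET", "HEAD")
            and hostname in PROBE_HOSTS
            and bare_path in PROBE_PATHS):
        return 204
    return 403


class ProbeHandler(BaseHTTPRequestHandler):
    def _reply(self):
        status = probe_status(self.command, self.headers.get("Host"), self.path)
        self.send_response(status)
        # An empty body is what marks the check as passed; content or a
        # redirect would be read as a captive portal instead.
        self.send_header("Content-Length", "0")
        self.send_header("Connection", "close")
        self.end_headers()

    do_GET = do_HEAD = do_POST = _reply

    def log_message(self, fmt, *args):
        # One line per request: shows which clients probe and what else they try.
        print(self.client_address[0], self.headers.get("Host"), fmt % args)


if __name__ == "__main__":
    HTTPServer(("0.0.0.0", LISTEN_PORT), ProbeHandler).serve_forever()
```

This only covers the plain-HTTP check; a probe sent over HTTPS cannot be answered locally without a certificate the device trusts for that name.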