I tried to keep a user (based on their MAC) without connection and added the following rule to firewall:
config rule
option enabled '1'
option name 'test'
option proto 'all'
option src_mac 'xx:xx:xx:xx:xx:x'
option dest '*'
option target 'REJECT'
The problem was that the router became unresponsive and I was force to access in failsafe mode. After excluding this rule the router become alive again.
You need this rule to disable internet access for a person based on their mac-address.
config rule
option proto 'tcp udp'
option name 'Block Internet for MAC'
option dest 'wan'
option target 'REJECT'
option src 'lan'
option src_mac '00:11:22:33:44:55'
# you can add more mac-addresses with a space 'xx:xx:xx:xx:xx:xx xx:xx:xx:xx:xx:xx'
I think your rule caused the firewall to not work entirely because there is no source interface so it may have identified it as input rule. I am not an expert in firewall related stuff so please someone else can better advise you.