I'm trying to block some POE cameras from accessing the internet. But I'd like them to have LAN access to an internal time server. Is this the correct configuration? I have the MAC addresses in the advanced tab, so no IP address in this screen shot.
Does this configuration block only LAN to WAN traffic? Do I need a separate one for WAN to LAN traffic, or is that unnecessary? I'm using a program that's on the LAN to proxy the camera stream, so the camera should never get connections from the outside.
Both "drop" and "reject" can be used in this case right? Reject just works faster, so the camera doesn't have to wait for timeout to know it doesn't have internet access?