I use a TP-Link TL-WR841N/ND v12 (192.168.12.1) as cascade (own DHCP) behind a Fritzbox (192.168.11.1). How can i block the access to the Fritzbox network but internet access is required. Only one port must have access to the Fritzbox network.
If I understand your question correctly, you would block forwarding from the LEDE (LAN) to IPs on the Fritzbox network (WAN).
In LuCI, the rule would read:
- Discard forward from any host in LAN to any host in any zone if destination IP equals 192.168.11.0/24