To accomplish this, you will need to put the Ethernet interfaces into Port Isolate mode under Configuration - Ethernet - select the Ethernet interface - Advanced. When changing from Hub Port mode, you will need to save the changes and reboot the router for the change to take effect. An unique IP address will need to be assigned to the desired Ethernet interface.
The following firewall rules will block internet access (on PPP 1) for devices connected to Ethernet interface 2:
#Allow client on eth 2 web GUI access only
pass in break end on eth 2 from any to addr-eth 2 port=80 inspect-state
#Block all other traffic on eth 2
block break end on eth 2 from any to any
Replace the PPP and eth interface numbers to accommodate your specific environment.
Last updated:
Jan 12, 2024