Allow only local network for client


Is it possible to ban the Internet from a device in the network?
I want a particular device to only have access to the local network.

With the AVM routers there is the function “Lock”.

What’s the best way to do that?

One of the options might be to block the outgoing communication in the firewall.

You need to know the MAC address of the device and make a new firewall rule.

There is nice article in czech:

Unfortunately I do not have access to my Omnia at the moment, so I cannot check the english names. Basically the guide says following

  • Log-in to the LUCI interface of your Turris
  • Get MAC address of the device you want to block (can be found in the status overview of your Turris)
  • In the Network/Firewall/Firewall rules and a new rule
  • Set “Name” to something meaningful
  • Set “Source” to LAN
  • Set “Source MAC Address” to MAC address of the device you want to block (some devices have multiple network interfaces)
  • Set “Destination” to WAN
  • Set “Action” to Reject
  • Click “Save and Apply” button

That should be it.