Is there a designated (or typical) means to limit specific system’s (IP’s / MAC’s) WAN (internet) access and/or - better yet - block / limit their access to specific on-line services?
only if you can rule out that said systems user(s) will ever use some sort of tunnel or vpn.
imho preferable to just educate them if possible.
dns-based blocking in the routers dns-server is lightweight and effective, but dns over tls is about to land in browsers (also dnssec), so there goes that.
for lag-free gaming while netflix’ing you should try sqm-scripts (luci-app-sqm) with the piece_of_cake.
1 Like
Indeed there’s no water-proof method (I realize), tunneling out of the network is hard to stop.
Thanks for the suggestions (more are welcome ofcourse).