Question blocking LAN client from WAN

Hello,

I blocked a client from WAN with the following rule:

config rule
	option src 'lan'
	option dest 'wan'
	option name 'block'
	option proto 'all'
	option src_mac '00:00:00:00:00:00'
	option target 'REJECT'

However, I see in Majordomo the following statistics for its upload

Does this mean that it is still connected to the internet or that the displayed value is only the uploaded packets which reached the omnia and then were later rejected?

Should I also block all traffic coming from WAN to the client?

Thanks for your help

Ok, so I hope you actually put the client’s MAC in and not 00’s.

I believe Majordomo counts all traffic seen by that client, so it would include client-to-client data transfer. If it’s communicating with something else internally that would be included in those stats.

Blocking incoming traffic to the client’s MAC isn’t a bad idea.

Also, be sure the client (you don’t mention if it’s simply a device under your control or a rogue student’s workstation) doesn’t spoof a MAC; that would slip out from your rule.

No, they are not really zeros.
The device is a Philips Hue bridge, and the destination addresses shown in the detailed view of Majordomo are public addresses (Google Cloud, NTP servers, AWS, etc.).
I will add a blocking rule for incoming traffic and then have a look to see if something changes.
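
Added example, not from the thread: the rule above matches on `src_mac`, which only identifies packets sent by the device, so this Python check maps each blocked MAC to its static DHCP lease and reports whether a wan-to-lan block rule exists for that IP. The sample configs, MAC and IP addresses are constructed, and pairing rules through `config host` leases and `dest_ip` is an assumption of this example.

```python
import shlex

BLOCK = {"REJECT", "DROP"}
# Constructed sample configs; every MAC and IP address here is made up.
FIREWALL = """
config rule
    option src 'lan'
    option dest 'wan'
    option src_mac '02:00:00:00:00:01'
    option target 'REJECT'
config rule
    option src 'lan'
    option dest 'wan'
    option src_mac '02:00:00:00:00:02'
    option target 'DROP'
"""
DHCP = """
config host
    option mac '02:00:00:00:00:01'
    option ip '192.168.1.50'
"""

def parse_uci(text):
    """Return [(section_type, {option: value})] from UCI config text."""
    sections = []
    for line in text.splitlines():
        parts = shlex.split(line, comments=True)
        if parts[:1] == ["config"] and len(parts) >= 2:
            sections.append((parts[1], {}))
        elif parts[:1] == ["option"] and len(parts) == 3 and sections:
            sections[-1][1][parts[1]] = parts[2]
    return sections

def audit(fw, dhcp):
    """Report inbound (wan->lan) coverage for each lan->wan src_mac block rule."""
    leases = {o["mac"].lower(): o["ip"] for t, o in parse_uci(dhcp)
              if t == "host" and "mac" in o and "ip" in o}
    rules = [o for t, o in parse_uci(fw) if t == "rule" and o.get("target") in BLOCK]
    way = lambda r: (r.get("src"), r.get("dest"))
    inbound = {r.get("dest_ip") for r in rules if way(r) == ("wan", "lan")}
    out = []
    for r in rules:
        if "src_mac" in r and way(r) == ("lan", "wan"):
            ip = leases.get(r["src_mac"].lower())
            status = ("no static lease" if ip is None else
                      "covered" if ip in inbound else "no inbound rule")
            out.append((r["src_mac"].lower(), ip, status))
    return out

print(audit(FIREWALL, DHCP))
```

A device without a static lease cannot be matched by IP reliably, which is why it is reported separately.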