What's new

Block specific devices from reaching internet?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!


Occasional Visitor
Hi guys! I have an Asus AC68U running Merlin v384.19. I have several devices which I don't trust, but which I'd still like to have internal LAN connectivity. But I don't want them reaching the internet, though. How could I do this? Is there any kind of IP or MAC block for this?
I also run a pi-hole, I reckon I can block there...but that would block DNS resolving, if a device (specially ahem, google ones) have their own DNS hard-coded they could still get around.

Last edited:
You could define Network Services Filters, or just create firewall rules (my preference).

iptables -I FORWARD -s -j REJECT
iptables -I FORWARD -m iprange --src-range -j REJECT
iptables -I FORWARD -m mac --mac-source 00:01:02:03:04:05 -j REJECT
Holy cow...I was thinking complicated rules just like what you said. Apparently even the stock firmware includes this. On the network map screen, not clicking on View Clients, but on the bubble on top of it. This shows the clients on a column on the right, and you can block specific devices, permanently or at specific hours! I've had this router for like 4 years, just found out today!
Using Parental Control is another way of blocking Internet access (just don't provide them any allowed time slots).
Thanks! I had no idea these options were so easily available! Thinking of adding some IoT devices, but they're to be controlled from a Home Assistant server, I don't want them exposed to the internet themselves.
Go to the Network Map, click on the "Clients:" button to open the "Client status" tab on the right. Then click on the desired client and choose Block Internet Access:

Use the asus firewall to block a subnet portion and set such devices in this subnet. Easy peasy.

Last edited:
I've been using the @Martineau method for some time (years I suspect), just to add to the number of methods :) It seemed a good method at the time as it allows cameras to be blocked from accessing the Internet but still remain accessible for remote viewing over the VPN.

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!