Stanislav Khromov
There are times when you want a device on your network to be able to access the local network but not be able to connect to the internet, for example to reduce the sending of telemetry and tracking data. Here is how you can accomplish this using Ubiquiti EdgeMax / EdgeRouter.
Go to the Firewall/NAT and then Firewall Policies. Add a new Ruleset.
Give your ruleset a name and select Accept as the default action.
Edit your new Ruleset and add a new Rule. Set the action to Drop.
Under the Source configuration, enter either an IP address or the MAC address that corresponds to the device you wish to block. Generally I would advise to block by MAC address, as that never tends to change, while the IP address can change if a device has not been connected to your network for a while and loses its DHCP lease. The MAC address for all your devices can be found under Services > DHCP Server > Actions > View Leases.
The last step is to configure the ruleset to be applied to the outbound WAN connection, this is typically eth0. You can find it under the Interfaces tab for the Ruleset.
After saving everything you can verify that the block works. You can also open the Stats tab for your ruleset to check if your blocking rule is being triggered.
Msix