Allow Internet access for certain LAN clients only

1. Go Firewall >> Filter Setup >> Set 2 (Default Data Filter), click on an available index number to add new Filter Rules

2. Create a Firewall Rule that blocks all the LAN clients from the Internet:

1. Enable this Filter Rule.
2. Set Direction to ”LAN/DMZ/RT/VPN→WAN,” so that this rule filters the outgoing packets.
3. Leave Source/Destination IP, Source Type, and Fragments as “Any” so that this rule applies to all kinds of outgoing packets.
4. Set Filter Action to “Block If No Further Match,” it means the router will drop the packets if it doesn't match other Filter Rules.
5. Click OK to save.

3. Create a Firewall Rule that allows the specific IP address to the Internet:

1. Enable this Filter Rule
2. Set Direction to ”LAN/DMZ/RT/VPN→WAN”
3. Click Edit to input Source IP. In the pop-up window, select an Address Type, and enter the IP address that you would like to allow Internet access, which is 192.168.1.10 to 192.168.1.15 in this example.
4. Leave Destination IP and Service Type as “Any”
5. Set Filter Action to “Pass Immediately,” so that the traffic source from the defined IP address will be accepted and forwarded to the Internet immediately, no need to check if there are other Filter Rules matched.
6. Click OK to save.

Now we have two Filter Rules. Most of the packets will be blocked by Filter Rule 2 because they don't match the filtering conditions in Filter Rule3, and Filter Rule 3 will filter out the packets sourced from the specific IP range and pass to the Internet