Hi guys I manage a small enterprise's network. I'm not an expert, but i have some knowledge The whole network gets on the internet through a asus router with tomato on it. There are about 20 computers, on the same lan, connected to a big switch and then one port goes into the router. Now the problem: recently it became a necessity to cut off from the internet some of the computers completely. All of the computers must communicate with each other in the lan, but some must not get internet. Now, i can filter in the tomato firewall to only accept outside communications to some of the mac's and that would be the easy way. Bu what one guy with some knowledge sniffs the mac of one of the allowed computers and changes his own to that and goes through? Is there another, safer way? Thank you!