    I can block ports outgoing to/incoming from the Internet. But on the local network, all PCs can freely connect to each other and bypass all of the iptables rules. How can I control the traffic inside the local network? It looks like they're directly connected to each other.

    Thanks so much for the advice :)

    P.S. Local PCs are connected both by wire and wireless.
    The only thing I can think of is to use a software firewall on the machines you want restricted internally.
    A software firewall on each PC is the only way to do it, as the firewall is where iptables blocks all the ports/traffic, but this is only between the WAN port (Internet) and the internal network. So as far as the router is concerned, it just allows full access between any local PCs connected via wireless or the switch ports.
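
The reply above says the router's iptables rules only apply between the WAN port and the internal network. As an added example (not part of the original thread), this sketch works out for each flow whether the router or only a host firewall can enforce a block on port 2960. The subnet, addresses and function names are assumptions made up for illustration.

```python
import ipaddress

# Constructed home-network layout; addresses are assumptions for illustration.
LAN = ipaddress.ip_network("192.168.1.0/24")
ROUTER = ipaddress.ip_address("192.168.1.1")


def enforcement_point(src: str, dst: str) -> str:
    """Return where a packet from src to dst can be filtered.

    Assumes, as the thread describes, that frames between two LAN hosts are
    switched (wired ports) or bridged (wireless) and never reach the
    router's iptables chains.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s not in LAN and d not in LAN:
        return "none"            # not this network's traffic
    if ROUTER in (s, d):
        return "router"          # addressed to or from the router itself
    if s in LAN and d in LAN:
        return "host-firewall"   # LAN to LAN: the router never sees it
    return "router"              # crosses the WAN/LAN boundary


def audit_block(flows, host: str, port: int):
    """For each (src, dst, proto, dport) flow from `host` to `port`,
    report which control is able to enforce the block."""
    report = []
    for src, dst, proto, dport in flows:
        if src == host and dport == port:
            report.append((dst, proto, enforcement_point(src, dst)))
    return report


# Constructed sample flows for the PC that must not reach port 2960.
SAMPLE_FLOWS = [
    ("192.168.1.50", "203.0.113.10", "tcp", 2960),  # to the Internet
    ("192.168.1.50", "192.168.1.77", "udp", 2960),  # to another LAN PC
    ("192.168.1.50", "192.168.1.77", "tcp", 445),   # different port, ignored
    ("192.168.1.60", "203.0.113.10", "tcp", 2960),  # different PC, ignored
]

if __name__ == "__main__":
    for dst, proto, where in audit_block(SAMPLE_FLOWS, "192.168.1.50", 2960):
        print(f"{proto}/2960 -> {dst}: enforce at {where}")
```
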
    Can I know how? I want to block a port for one of my PCs, i.e. it shouldn't access port 2960 UDP/TCP. All others can.
    Go to the "Access Restriction" page and create a rule that applies to that is scheduled for "All day", "Every day" and add the ports you'd like to block in the "blocked resources".
    Web interface --> Access Restrictions.
    edit: agrrrr! acidmelt, you got me by 1 minute!
