Hello, Running Advanced Tomato Firmware 1.28.0000 -3.5-140 K26ARM USB AIO-64K on Asus RT AC68U . My current network topology can be visualized in the following (to the best of my charting abilities). Based on my setup, I am using the router with WAN disabled (and used as a LAN port), so dont know whether its acting as a router or a switch or a gateway (dont exactly know the expected difference in its behaviour), I have selected it to be a gateway anyhow, which it is for the rest of the network clients. So I was trying to put some access restrictions for my devices, namely Amazon Dash buttons (to be used in a DIY Home Automation Project), to not to be able to call home/internet and trigger notifications on the mobile and periodic emails (i know I can turn off the mobile app notifications). So I did put the following access restriction rule in place, however it is not working at all. I mean the dash button is still able to reach internet and trigger mobile app notification. A question, it is mentioned as MAC/IP, so does it work for both or either one of them is much preferable for a specific reason. Wherever I read on the internet, it is always mentioned by the MAC address, hence what is the need to mention IP address then. I did read that Access Restriction rules will not work if the WAN port is disabled, so just wanted to confirm that, and to know of any other workaround possibility to make it work in my specific scenario (without bringing much change to the network setup Thanks for reading and possible guidance.