Looking for a solution to block internet access to single device on network

dr.stevil

I have a device (Nintendo Switch) on my home network that I’d like to be able to connect to other devices on the LAN, but I want to keep it from accessing anything outside that network (or more specifically, Nintendo’s servers). It’s modified and I don’t want to risk a hardware ban, etc.

Is there a relatively easy way to do this?
I run Kong’s ddwrt on my router but I only have pretty basic knowledge of networking.

I know that I could probably set up a DNS on my home server to block those IPs, but that seems fairly risky as the device in question could potentially bypass that DNS (afaik), but again, networking isn’t my forte.

Any ideas on how I could make that happen?
 
You could also get the Switch's MAC address and set that MAC address to always be a specific IP in the router, then make a firewall rule that blocks all WAN traffic for that IP. There is a way around this, since the IP will only be assigned if the Switch is asking for DHCP, and if you set the IP manually then you can bypass the firewall rule. But as long as you don't let someone change your IP manually, it is fine. I assume since this is your own Switch you will know not to change it to something else.
 
So I was able to apply a filter with DDWRT per the MAC address of the Switch. I got it connected to the network, without any internet access, which is nice, but ideally I'd like it to still be able to access the internet.

I attempted to then filter/blacklist specific domains owned by Nintendo, but unfortunately, there are more domains than DDWRT lets me add (IIRC, it only gives me the ability to add 9 or 12). Unless I can get around this limitation, I may have to look into creating my own DNS to do the job. There are 3rd parties that do this for you, but I don't necessarily want to have to rely on a 3rd party for obvious reasons.

Thanks for the help fellas
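
The per-device WAN block discussed in this thread, as an added example that is not part of any post: a script that prints router firewall rules matching the device by MAC as well as by reserved IP, so setting a manual IP on the device does not bypass the block. The function name, the `APPLY` variable and the sample values in the header comment are assumptions; it also assumes the router's iptables build includes the `mac` match and that you pass in your own WAN interface name.

```sh
#!/bin/sh
# Added example: emit iptables rules that cut one LAN device off from the WAN.
# Constructed sample call (dry run):
#   sh block_wan.sh AA:BB:CC:DD:EE:FF 192.168.1.50 vlan2

# Print the rules for one device. Args: MAC, reserved IP, WAN interface name.
build_rules() {
    mac=$1 ip=$2 wan=$3

    # Refuse malformed input so a typo cannot produce a rule that matches nothing.
    echo "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$' || {
        echo "bad MAC: $mac" >&2; return 1; }
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "bad IP: $ip" >&2; return 1; }
    [ -n "$wan" ] || { echo "missing WAN interface" >&2; return 1; }

    # Rule 1: match on the hardware address, so it still applies if the
    # device is given a manual IP instead of taking its DHCP reservation.
    echo "iptables -I FORWARD -o $wan -m mac --mac-source $mac -j DROP"
    # Rule 2: match on the reserved IP, the address-based rule from the thread.
    echo "iptables -I FORWARD -o $wan -s $ip -j DROP"
}

# Dry run by default; set APPLY=1 to execute the rules on the router.
if [ "$#" -eq 3 ]; then
    rules=$(build_rules "$1" "$2" "$3") || exit 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$rules" | sh
    else
        echo "$rules"
    fi
fi
```

Both rules only match packets routed out of the WAN interface, so traffic between the device and other hosts on the LAN is left alone.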
 