I have a Flint2 on our boat and when we go offshore, our Starlink data is expensive. We want to allow our personal devices to access the WAN but we want to block our server from the WAN. We still need to server to be completely accessible on the LAN.
What is the best way to do this?
I would go to the Advanced Settings area and open up the LuCI interface. Then go to Network->Firewall->Traffic Rules. There, you can create a rule that blocks your server from WAN access. There, I think you'll want to create two rules: one to block the server from sending data out, and another to block the WAN from sending data to your server.
For blocking your server from sending data to WAN, use source zone of device and then select your server from the source address menu. Set the output zone to WAN and the action to reject.
For blocking the WAN from sending data to your server, use the source zone of WAN, destination zone of device, destination address is your server, and action is reject.
You'll have to enable/disable these rules as-needed, but I think that should do it.