VLans and subnets

I am about to purchase the GL.iNet GL-MT1300 (Beryl) mini router. It has all the features I want, except for two that is not clear yet. Block internet domains and IPs - This should be achievable with iptables. And subnets. Is it possible to configure several subnets, at least three, with one GL-MT1300 router that is connected to my ISP modem ? I would like to accomplished this via WIFI VLANS, even if I have two LAN free ports. I am also opened for other suggestions. The goal is to separate different kind of devices in my own network so they don’t connect to each other and so I can apply different security rules (possibly with iptables)

Btw, does GLinet have a good modem as well? (Probably that works as router as well)

The router has guest wifi option, which use a separate network from your private wifi. Other things may be achieved using iptables.

What do you mena “good modem”?

I don’t think I can achieve what I want with iptables. I could separate hosts setting iptables rules so IoT devices won’t connect to other machines and the packets are dropped. This would however work only at the router level, which implies all packets would need to pass the router.

I also thought about having different virtual interfaces. One for each kind of separation I want to do - IoT, normal devices, (Wi-Fi guest already available, this can be ignored). Then have a main interface where all the packets arrive. The main interface would forward the packets to the right interface according to client static IP. This would allow me to have the same subnet for all hosts and hence only one SSID, but still have a separation. Does this make sense?

About the modem, I haven’t found one Gl.Inet that would work as a modem as well?