[zdsf]

I have factory reset the router and just set up the VLAN using GUI according to https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=334342 : "Simple LAN side port VLAN Port 1-3 are in VLAN1, Port 4 is in VLAN3"

That's all. Nothing changed from factory otherwise but the problem still persists. When a MAC address on VLAN3 is denied internet access, it also becomes inaccessible from VLAN1. I feel without anyone trying to replicate, we will be in a circular discussion.

[ho1Aetoo]

And we still have no idea how exactly your router is configured.

In the example "Net Isolation" is enabled - if "Net Isolation" is enabled then of course there can be no traffic between br0 and br1.

But you say in an earlier post that you don't have "Net Isolation" enabled.

So I tested the example without "Net Isolation" enabled for br1.

Then I blocked the internet access via iptable rule for a VLAN3 device = result the device has no internet access anymore but the access VLAN1<-->VLAN3 still works.

So no idea what you are doing but you are doing it wrong.

[zdsf]

As per the initial post, MAC address internet blocking is done through the GUI: >>Access restrictions>>WAN Access.

blocking a MAC through an IPtable rule works fine, but from the GUI it doesnt. If this question seems to be wasting the time of the community members, I won't pursue it further.

[ho1Aetoo]

The solution was already given to you in the first reply.

You have never written that it works, but only that it does not work - so yes, you are wasting our time.

Especially with complicated setups with multiple subnets and VLANs and VAPs you can not set everything in the GUI.

[zdsf]

I apologize for shedding light on a problem in the GUI. Maybe GUI-oriented users can either dig in the forums or move on to a different platform.