Creating a Deny rule with exceptions for a specific device

[Spiky_Gladiator]

Hi,

I'm having a little bit of trouble setting up a firewall rule(s) for one of the devices that I use.
I want this specific device to:

• Deny access to the internet.
• Allow access to local devices on the same VLAN that the device is connected to.
• Only Allow access to a set of websites\services on the internet.

How can I setup this rule\set of rules ?
 
I presume to target a specific device I need to either use its MAC or IP Address then setup all three separate rules but how can I setup all of the above rules ?

When creating a firewall rule on the VLAN's interface, I don't see any option for inserting a MAC Address anywhere, am I missing something ?

Also, how do I allow a specific websites\services, I get that I need IP Address of the them but again where do I insert them ?

This might seem like something easy to do but I'm struggling with setting the said rules in OPNSense.

Are there any other and better ways of achieving what I want to do ?
 

Any help is appreciated.
Thanks

[Patrick M. Hausen]

Specific permit rules first, deny rule last. Rules are processed in order.

[chemlud]

...top to bottom, until first rule fits the traffic. ;-)

[Fright]

...if its the "first match" ("quick") rule 
(otherwise, the last matching rule wins)

[chemlud]

...yep, but "first match" is the standard, that's what happenz normally in the sense firewall rules tab, until you change (break :-D ) things...