RAK7268 Firewall Rules for internet access


We currently sell RAK7268 to our customers, and some prefer to use the LTE gateways with our provided Twilio Super Sims. A customer had a request to use the broadcasted SSID by the RAK7268 to access the internet. We can charge them accordingly, but we would like to block all future users from accessing the internet and only allow a few endpoints. I know we can stop broadcasting the SSID, but we need it enabled if customers want to set up Static IPs/WiFi. I am not concerned about them possibly changing the firewall rules as most won’t even know where to look.

How would I go about blocking all traffic other than a few endpoints over TCP:443?

Thank you,