Blocking outgoing traffic from specific static IP addresses (5268AC FXN router)
I just had AT&T gigabit fiber installed last week. I have several PoE security cameras configured with static IP addresses that feed video into a Mac running SecuritySpy that serves as my security interface / video storage device. I've had no problem configuring the firewall on the 5268AC FXN router provided by AT&T to allow me to access my security system through my Mac.
I do not open the firewall for individual cameras, so incoming attempts to access them are not an issue. My concern is that some of my cameras will attempt to "phone home" out of the box with an outbound connection to the Internet without my knowledge. I have considered configuring a VLAN for the cameras by purchasing a managed switch, but it occurs to me that a simpler solution might be to restrict certain internal IP addresses from any outbound connections outside of my network. So (for example), a camera with static IP address 192.168.1.50 can only communicate with other 192.168.1.xxx addresses within my home network, but the 5268AC FXN would block any packets attempting to go out to the Internet. This would not be a perfect solution, of course, as I would be blocking all of my cameras from accessing the NIST time server, but that is something that can be worked around if needed.
So ... is this something that can be done with the 5268AC FXN router? Or should I bite the bullet and buy a managed switch for a VLAN?