On a router, how do I block wan access for a particular machine without blocking its access to the local network?

view full story

http://serverfault.com – On my tp-link TL-WR1043ND router I want to prevent a particular machine from having access to the WAN while still allowing that machine to access other machines on the LAN. My assumption is that I need to do something in the "Access Control" section, however the problem is that it wants an ip range or domain name for the target of the rule. The router uses DHCP to get an address from the WAN, so I don't have any guarantee what the ip address of the wan will be. If the answer is that it's not possible with this router, could someone describe how to do it using OpenWRT instead? (HowTos)