I recently bought a hap ac2 device as i found one of my kids was figuring out how to get past OpenDNS adult site filter i set on our Asus home router. Now i already have firewall rules to force all DNS to go through the router to prevent someone from manually entering DNS on a device to avoid the filter. Thats working fine. I also set static DNS entries to force googe, bing, yahoo safe searches. However would anyone know how to force OpenDNS filtering and safe search for a vlan only ? Or i suppose i could do it by DHCP server IP range too like for example set all in DHCP range to force the filter. Anyways looking for advice and options.
You should be good to set src-address in your dst-nat rules matching the subnet of your specific vlan.
If you have more address spaces to cover, you might be better off with an address list.
And I think your post is better placed in General.
-Chris