WAN Subnet Block

Well, in the WLAN I need to block access to the WAN for 1 single IP address. This IP address doesn't belong to a PC, so I cannot easily check to which internet IP it logs on in the cloud (WAN). As far as it's destination is unknown to me, I cannot make use of the Type: WAN address.

Using the default rule "everything is blocked unless allowed" crossed my mind and it is possible, because all pc's here receive an IP on MAC address, but it would mean that I'll have to create a pass rule in WLAN for every single device (70 devices ), as now there is only one rule WLAN -> !LAN.

As you mentioned in an earlier reply by default everything is blocked, you said this is only inbound. So this means that by default any device can ping, let's say Google, but there will be now reply as all inboung is blocked, am I right?.
So if I don't want this device to establish a connection to a server/cloud on the internet and I cannot make a rule (inbound) for this device to the destination WAN. I will have to make a rule for each one of the 70 devices. This rule will be device=ip specific and let the device go everywhere, except the device I don't want to, then the default blocking rule will keep this device from establishing a connection.
Hmmm 70 devices means 70 rules lot's of work to be done

I think you are confusing some things. So let me step back a bit...

First all firewall rules are sorted by interface, and they are inbound rules. If you want to block someone from going to the Internet on port 25 (keeping spam down) then you set up that rule on the LAN interface.

The default rule lets all traffic out on LAN. You can adjust this as needed, or set up some blocks before hand. For example, say you have a mail server that needs to send mail on port 25, but you want to black malware from poisening your IP address. (Common thing...) On LAN, you first need an Allow rule with source of the mail servers IP, port any, destination is any IP, port 25. Then you need a block rule for source any, any, destination any, port 25. Then the default rule. That way a e-mail going out from the mail server will hit the first rule, match and go. An infected PC trying to spam will hit the second ruls, and be blocked. Something not e-mail will hit the default rule and pass.

As to the default rule, your theory on ping is good, but not accurate. When you ping out, you open a temporary port that is NATed back to you, so they can respond.

Now the WAN Ip address is a setting because the WAN is sometimes DHCP, so we can not just type it in. That means "WAN Address" is actually whatever the current IP address on WAN is. It may be used for things like allowing something access to the firewall itself. Like allowing on the WAN source any, any, destination WAN Address, 443. That means you could see the GUI from anywhere. (Doing this may not be a good idea from a security standpoint. But it does make a nice honey-pot!)

Does that help?

Thanks! It will be interesting to see how it all shakes out.