Here is the configuration file.Without understanding how your rules are currently setup, it would be presumptive to come up with any solution as it would be guessing.
One should realize that rules are integrated and can affect other rules and thus the flow of traffic.
Others waste all our time by such frivolous attempts and quite frankly I am getting tired of it.
Get the facts.
Please post your config
/export file=anynameyouwish ( minus router serial number, any public WANIPs, keys, long dhcp lease lists etc.. )
Thanks for your patience.
I already have filter rule that allows only specific users to port 2 and 3, so I want another rule that does not allow the users to access port 4. I want to create a guest network using a single port so that existing users do not connect port 4.Simplest way I think:
Firewall rule, forwarding chain, drop all with connection state = new towards that out-interface.
Place rule before first accept rule on forward chain.
Make sure you still have another way to get to that device connected on that port or you will lock yourself out.