Thanks for the quick reply! I already place my IOT devices on LAN4, so no worries--they'll remain there and LAN3 will be just for UPnP gaming systems. :)
I like to understand what I'm doing--essentially here you're just using the console to enable UPnP2, and adding a rule forbidding the use...