I don’t know if I understand. You can block by mac already. You add the host as a static Ip in dhcp, by mac and use that host when you are blocking stuff. What exactly are you trying to do? If lock out from Internet all you do is create a static Ip from the macs you want to block, add a rule that blocks all incoming connections to that specific host and profit. All outgoing are already blocked by default I believe? Maybe got it mixed up 
anyways that’s what I do. Use my Linux machine for Internet and Windows for gaming, so I do that to restrict Internet. I also use Windows firewall to control the 2 or so apps I need through. If you want to block everything is super easy just set the firewall to block all to the host, don’t need to worry about proxy unless you wish to block specific content.