Yes, that limit is kind of a pain. Easy to have more things that you'd like to block than that. Again using the terminal interface you can do more with iptables directly. Been a long time since I've messed around with it and I'm not confident giving specific instructions. Search around some and you should find info if you want to try.That's exactly what I've just been doing. I wanted to try some different adjustments to the camera's Day/Night mode and IR Illuminator, etc., and I just unblocked it temporarily by logging into the router itself, then blocked it again when I was done.
I wish the Asus router would allow me to block more than 16 devices from the internet. At some point, I'll probably have to move the cams to a separate network that has no internet connection, and then I'll lose the ability to play with them remotely altogether, I suppose. Still, this is all pretty sweet!
Short of that as a more simple fix you can set the gateway, DNS, and other settings on the device itself to its own IP or other non-valid values to prevent it from getting anything out. Assuming that you don't have ports forwarded or devices exposed otherwise, nothing should be coming in anyway other than your own traffic through the VPN. I usually do both so that if I forget or change one or the other at some point there will be at least some fall-back. That will break email, ftp, etc., from the device that some may want to work but behind BI or other system most won't use those much anyway.
You can access the cams behind another network/subnet/VLAN if you set up the routing.