I don't think there's a way to do it entirely via the router. Gargoyle would have no way of knowing which OS is communicating with it, and each OS will report the same MAC address for the network adapter.
I think the simplest way would be to just change the Windows system proxy settings to point to a non-existent server. Go to Control Panel - Internet Options - Connections tab - LAN Settings button and check "Use a proxy server..." and give it 0.0.0.0. I don't know if all browsers honor that setting by default, but I know that IE and Chrome do. Also, note there is a checkbox for bypassing that for local addresses, so you could still administer the router or do local file sharing if you wanted.
This method would require no change to the router settings, and it would still allow Windows Update if you add the following URLs as exceptions:
http://windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
https://*.windowsupdate.microsoft.com
http://*.update.microsoft.com
https://*.update.microsoft.com
http://*.windowsupdate.com
http://download.windowsupdate.com
http://download.microsoft.com
http://*.download.windowsupdate.com
http://wustat.windows.com
http://ntservicepack.microsoft.com
http://stats.microsoft.com
https://stats.microsoft.com
However, this only seems to work on common ports such as 80 and 443. So while I cannot connect to websites using a browser, I can still use BitTorrent since it uses a non-standard port. If you want to block EVERYTHING, what should work is just to disable the network adapter, or manually configure it to use a static IP but give it bad information (like an invalid IP/netmask).
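The proxy change described above can also be applied per user from PowerShell. This is an added example, not part of the original post. It writes the registry values behind the LAN Settings dialog (`ProxyEnable`, `ProxyServer`, `ProxyOverride`) and then checks the result. The backup file name and the test host `example.com` are assumptions made for illustration.

```powershell
# Added example: per-user proxy settings, the same values the LAN Settings dialog stores.
$key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

# Exceptions listed in the post. '<local>' corresponds to the
# "Bypass proxy server for local addresses" checkbox.
$exceptions = @(
    'http://windowsupdate.microsoft.com'
    'http://*.windowsupdate.microsoft.com'
    'https://*.windowsupdate.microsoft.com'
    'http://*.update.microsoft.com'
    'https://*.update.microsoft.com'
    'http://*.windowsupdate.com'
    'http://download.windowsupdate.com'
    'http://download.microsoft.com'
    'http://*.download.windowsupdate.com'
    'http://wustat.windows.com'
    'http://ntservicepack.microsoft.com'
    'http://stats.microsoft.com'
    'https://stats.microsoft.com'
    '<local>'
)

# Save the current values so the change can be reverted (file name is an assumption).
Get-ItemProperty -Path $key |
    Select-Object ProxyEnable, ProxyServer, ProxyOverride |
    Export-Clixml -Path (Join-Path $env:USERPROFILE 'proxy-settings-backup.xml')

# Point the system proxy at a non-existent server and register the exceptions.
Set-ItemProperty -Path $key -Name ProxyServer   -Value '0.0.0.0'
Set-ItemProperty -Path $key -Name ProxyOverride -Value ($exceptions -join ';')
Set-ItemProperty -Path $key -Name ProxyEnable   -Value 1 -Type DWord

# Read the values back to confirm what was written.
Get-ItemProperty -Path $key | Format-List ProxyEnable, ProxyServer, ProxyOverride

# Proxy-aware request: expected to fail when the client honours the system proxy.
try {
    Invoke-WebRequest -Uri 'http://example.com/' -UseBasicParsing -TimeoutSec 10 | Out-Null
    Write-Output 'HTTP request succeeded: this client is not using the system proxy.'
} catch {
    Write-Output "HTTP request blocked: $($_.Exception.Message)"
}

# Direct TCP connection: Test-NetConnection does not consult the proxy setting,
# so this shows whether traffic that ignores the proxy still gets out.
$direct = Test-NetConnection -ComputerName 'example.com' -Port 80
Write-Output "Direct TCP to port 80 reachable: $($direct.TcpTestSucceeded)"
```

Run the verification part in a new PowerShell session, since a process that is already running may not pick up the changed proxy values.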