Computer networks

How to make network hosts not see each other, but only the gateway?

Good afternoon.
There is a task to provide Internet access via WiFi (about 1-5 thousand clients are expected). The entire infrastructure is already there (based on Ubiquiti and HP points). The infrastructure provides a single gateway network with clients. The gateway has a self-made Captive Portal running using iptables, but this is not very relevant to the question.
The gateway distributes IP addresses in this network (now it distributes from the network 10.240.0.0/255.240.0.0).
The problem is that network users "see" each other on the network. Not all users have the ability to protect themselves online, so I would like to cover them.
The network administrator is still looking for the right solution in this case: the ability to block intranet communication using the Ubiquiti and HP settings. But so far without success.
Question: is it possible to somehow solve this problem with network settings?
For example, it may be useful to hand out addresses with a mask of 255.255.255.255, then the hosts will send everything to the gateway, which will filter what is needed. But I have doubts that with such a mask they will generally send something to the gateway.
Or another option: distribute micronetworks to clients with 4 addresses (fortunately, there is enough address space). But how to set it up - I'll never know (5000 networks in /etc/network/interfaces on the gateway?)
Thanks in advance.