Marktime87
newbie
Topic Author
Posts: 38
Joined: Sat Feb 25, 2017 11:49 am

Client wants site-wide wireless network with single SSID. How can I prevent users from seeing each other?

Tue Jan 30, 2018 6:26 pm

Hi Guys

I'm planning a large network for a holiday park. I've got everything worked out hardware/costing wise but the client has just informed me that he doesn't want individual SSID/VLANs in each holiday let but rather a site wide SSID.

No problemo, I thought. I can make a huge DHCP pool for him but I worry about isolating the users from each other.

Is there a way to do this within ROS? I'm going to be using Unifi WiFi but the guest settings on there will not prevent IP/ARP scanning from showing everyone else on the site. I'd rather not have 200+ angry holidaymakers moaning at me about their summertime ransomware attacks. I have plenty of experience segregating VLANs from each other but never on a user-by-user basis on one network.

Maybe I could make a filter rule to block every IP on the subnet apart from the gateway? I'm not sure, so thought I'd ask the experts.
 
pe1chl
Forum Guru
Posts: 10544
Joined: Mon Jun 08, 2015 12:09 pm

Re: Client wants site-wide wireless network with single SSID. How can I prevent users from seeing each other?

Tue Jan 30, 2018 7:42 pm

First, a warning: a large roaming WiFi network is not going to work as well as you hope, unless you buy it from one of the (expensive) makers that specialize in this.
Just putting up a large number of APs with the same SSID is not going to prevent people who walk across the park and end up in their room from remaining connected to the last AP where they got signal.

Aside from that, you can implement client-to-client isolation both at the APs themselves and in the switches you use to interconnect them.
Don't even think about using a mesh topology! Use a wired connection from every AP to switch(es) that provide this client-to-client isolation, plus a router for the DHCP etc.
All clients will be able to connect to the router and beyond, but not to other clients in the same network.

This will mostly solve your problem, but of course it will also cause new problems, because there is no local peer-to-peer connectivity, e.g. between a user's phone and his Chromecast.
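
One way to get the switch-level isolation described in the reply above, as an added RouterOS example that is not from either poster. It assumes a single MikroTik acts as both the router and the switch the APs plug into; the port names (ether2 to ether5), the bridge, pool and server names, and the 10.20.0.0/22 addressing are all made up for illustration.

```routeros
# Added example; interface names, object names and addresses are assumptions.
# ether2-ether5: wired AP ports. The bridge itself is the clients' gateway.

/interface bridge
add name=bridge-guest comment="site-wide guest SSID"

# Bridge ports that share a horizon value never forward frames to each other,
# so neither unicast nor broadcast (ARP) traffic arriving on one AP port
# can leave through another AP port. Traffic addressed to the bridge
# interface itself (the router) is not affected.
/interface bridge port
add bridge=bridge-guest interface=ether2 horizon=1
add bridge=bridge-guest interface=ether3 horizon=1
add bridge=bridge-guest interface=ether4 horizon=1
add bridge=bridge-guest interface=ether5 horizon=1

# Gateway address and one large DHCP pool for the whole site
/ip address
add address=10.20.0.1/22 interface=bridge-guest
/ip pool
add name=guest-pool ranges=10.20.0.10-10.20.3.250
/ip dhcp-server
add name=guest-dhcp interface=bridge-guest address-pool=guest-pool disabled=no
/ip dhcp-server network
add address=10.20.0.0/22 gateway=10.20.0.1
```

This only separates traffic that crosses the switch. Two clients associated to the same AP are bridged inside that AP, so the AP's own client isolation is still needed, as the reply says.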