Block Internet with firewall

MAKE GROUPS

Note: since firewall rules don’t let you enter large ranges of items, you have to shove them into a Group when you have lists of things you need to use in a rule.

1. Make a new group that has your local address ranges in it (192.168.1.0/24, 192.168.2.0/24, etc. – whatever local IPs you use). This will be used for the rule that ACCEPTs local traffic.

2. Make a 2nd group for all IP ranges (0.0.0.0/1, 128.0.0.0/2, 192.0.0.0/3, 224.0.0.0/4). This will be used to block all other traffic from that IP.

3. Make a 3rd group that has only the IP you want to block.

MAKE RULES

1. Add LAN IN rule to ACCEPT traffic in group 1 above. Source = Group 3, Destination = Group 1

2. Add LAN IN rule to DROP traffic to everything. Source = Group 3, Destination = Group 2

When done, make sure rule 1 is before rule 2 in the list, as they are evaluated in order, and if reversed the machine specified in group 3 will have no connectivity to anything, even local things outside of its own subnet.

Then test it out.
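
The rule order can also be checked on paper before touching the firewall. The Python model below is an added example, not code from the firewall or its vendor. It assumes first-match evaluation as described above, a default of ACCEPT when no rule matches, and constructed addresses (192.168.1.50 as the blocked device, 203.0.113.10 as an internet host); it also reports which IPv4 space the four ranges in group 2 leave out.

```python
import ipaddress as ip

# Groups as built in MAKE GROUPS; the addresses are constructed sample values.
GROUP1_LOCAL = ["192.168.1.0/24", "192.168.2.0/24"]
GROUP2_ALL = ["0.0.0.0/1", "128.0.0.0/2", "192.0.0.0/3", "224.0.0.0/4"]
GROUP3_BLOCKED = ["192.168.1.50/32"]  # hypothetical device to cut off

# Rules as (action, source group, destination group), as in MAKE RULES.
ACCEPT_LOCAL = ("ACCEPT", GROUP3_BLOCKED, GROUP1_LOCAL)
DROP_ALL = ("DROP", GROUP3_BLOCKED, GROUP2_ALL)


def in_group(addr, group):
    a = ip.ip_address(addr)
    return any(a in ip.ip_network(n) for n in group)


def evaluate(rules, src, dst, default="ACCEPT"):
    """First matching rule wins; the default action is an assumption of this model."""
    for action, src_group, dst_group in rules:
        if in_group(src, src_group) and in_group(dst, dst_group):
            return action
    return default


def uncovered(group):
    """Return the IPv4 networks that no entry in `group` covers."""
    remaining = [ip.ip_network("0.0.0.0/0")]
    for net in map(ip.ip_network, group):
        kept = []
        for r in remaining:
            if net.subnet_of(r):          # carve net out of r
                kept.extend(r.address_exclude(net))
            elif not r.subnet_of(net):    # disjoint: r is untouched
                kept.append(r)
        remaining = kept
    return sorted(remaining)


if __name__ == "__main__":
    for name, rules in (("correct ", [ACCEPT_LOCAL, DROP_ALL]),
                        ("reversed", [DROP_ALL, ACCEPT_LOCAL])):
        print(name,
              "local:", evaluate(rules, "192.168.1.50", "192.168.2.10"),
              "internet:", evaluate(rules, "192.168.1.50", "203.0.113.10"))
    print("not in group 2:", [str(n) for n in uncovered(GROUP2_ALL)])
```

The only space outside group 2 is the reserved 240.0.0.0/4 block, so the four ranges cover every address a device would normally reach.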
