I want to allow access to only 1 public internet IP address from a wireless access point cAP ac.
The hardwired connection will be DHCP.
How should I proceed?
If your WAN interface is ether1 and your IP is 123.123.123.123, then it would look like this:
add action=accept chain=forward out-interface=ether1 dst-address=123.123.123.123
add action=drop chain=forward out-interface=ether1
This is very basic rule. I suggest learning more about firewalls. 
For any firewall rule, you have to define which subnet is the request coming, which interface or which IP addresses.
You have the address that is the allowed permissible wan address (destination address)
As noted, propose what you would do and we can comment.
If you want to literally reach only one IP on the Internet, then just have a static route for that one IP and don’t configure a default route.
I think you have made a very good suggestion. Thank you.