Hello!
I have a RB2011UiAS-2HnD-IN (OS 6.15) configured as follows:
- access to internet via sfp1 (public IP address, NATed to local network)
- a “Gbit-bridge” set up for gbit ports eth1 to eth5 (ports are not switched using built in switch1)
- Use IP firewall on “Gbit-bridge” is enabled
- dhcp server on “Gbit-bridge”, 192.168.88.0/24, with static leases for MAC-Addresses
- clients in 192.168.88.0/24 use wifi access via E4200 on eth1 and/or WRT610 on eth5 – both in bridge mode
(I need this setup to have good wifi-signal coverage in my flat; wifi-networks have the same SSID, allowing “handover”)
All works very good and nice and fast 
Now. I would like to set up IP firewall rules that
(1) allows 192.168.88.12 to access the internet
(2) allow 192.168.88.12 to connect to 192.168.88.2, but access to all other clients on 192.168.88.0/24 (e.g, 192.168.88.21, …) is blocked
How would I do that?
I tried “everything” with different rules on input or forwarding chain… but I never managed to succeed :-/
So, my hope is within this forum
Many thanks in advance!!