I want to block the access of one local IP (192.168.1.100) to the local network (192.168.1.0/24), but so that this IP can be connected from the local network, e.g. via RDP. How should the firewall be set then?
Depends on the rest of the config.
/export file=anynameyouwish (minus router serial number and any public WANIP information etc. )
If traffic from 192.168.1.100 goes via router then you can block it so you have connect this particular device to any port which belongs to 192.168.1.0/24 subnet/bridge. If devices use any external switch they bypass router talking directly and router is involved only when thet talk to WAN.
Ok, device use external switch… I have to look for another solution