put in a reject rule on the LAN interface, above the permit rule, rejecting traffic to the desired IP. Reject is preferred over block for internal rules because the connection immediately fails, where as with block the user will sit there waiting for the connection to time out.
|