Re: Port Forward Restriction

You need to create the rule using explicit DNAT and Firewall rules, rather than the port forward "wizard" page.

Here's an example (for FTP).

Firewall:

 rule 7 {
     action accept
     description FTP
     destination {
         port 21
     }
     protocol tcp
     state {
         new enable
     }
 }

DNAT:

 rule 7 {
     description FTP
     destination {
         port 21
     }
     inbound-interface eth0
     inside-address {
         address 192.168.10.20
         port 21
     }
     log disable
     protocol tcp
     type destination
 }

In your case, you would just add a "source" stanza to the firewall rule.  You could also do it to the NAT rule, but that's just adding complexity where you don't necessarily need it.