Restrict VPN access to a single device

[PathfinderNetworks]

I apologize if this is not exactly the right area to post this- it could be a firewall question I suppose.

At any rate we need to restrict all OpenVPN users to a specific device on the LAN. They will only be allowed to access that one device (which will have a static IP address assigned).

I know we have to use network filter rules to accomplish this. But what I need is an example of what such a rule would look like. I've searched the documentation and found this:
support.untangle.com/hc/en-us/articles/216286288-Restrict-VPN-Access-Using-Filter-Rules
But it's exactly the opposite of what we need to accomplish. That example denies access to a single device while leaving the rest of the network available. I need access to only one device while denying access to the rest of the network.

Let's say, purely for discussion, that the LAN is 192.168.1.0/24. The OpenVPN network is 172.16.134.0/24. The one device they need access to is at 192.168.1.10. No other internal resources will be accessed- not even DNS.

How should I create the network filter rule for that to happen?

Thanks!

[jcoffin]

I would just use Network Filter in http://<lan ip>/admin/index.do#config/network/filter-rules

1st rule
Source Interface = OpenVPN
Destination = <LAN IP of allowed PC>
Action Pass

2nd rule
Source Interface = OpenVPN
Action BLock