I have some systems which are suspected to be infected with the trojan Win32/Conficker. So I want to isolate those systems from locally accessing my other systems on the LAN to prevent the trojan from spreading. At the same time, I want Internet access to remain open to the infected ones and to all the others as well. I tried many combinations of rules, but it is not working. I have a D-Link DI-524.