@newtechguy I found a site that refers to firewall rules as ACLs. Is that what you were describing? you can setup systems, ipfire in between, and using firewall rules, allow/deny communication.
[hostA 192.168.10.5] ----- [LAN 192.168.10.1 ipfire WAN 192.168.20.1] — [hostB 192.168.20.5]
According to ipfire, LAN ===> WAN permitted but not the other way.
HTH