Why is routing/FW not working

This is bit infuriating :-/ I set this rule:

Any traffic
From any host in lan
To IP in lan
Discard forward

Which should mean any PC in LAN zone ( so internal NW ) should not be able contact IP above… but zero F. given by router… the traffic is going on line nobody’s business.

If both devices are on the same subnet, they communicate directly, no router involved. That also means no firewalling possible.

Yea same subnet, hmm how to deal with it then. I want to isolate one IP from the rest of the network, but I want it to be accessible also from only one IP from LAN NW

Put it on a different subnet, then.