Want to create an ACL to block a particular IP from accessing other hosts in a subnet, except default gateway.

alphaxenil
Level 1

I'm wondering if what I'm trying to do is even possible. I have a Cisco 3750G switch. I issued "no switchport" on one port on my switch so that I could assign an ACL to that port on outbound traffic. Before, I had it joined to one of my vlans, but I couldn't assign an ACL to that port on outbound traffic, only inbound. But now, because the host I want to have connected to the port needs to be in my 10.0.0.0/24 subnet, I'm stuck. Whenever I try to issue "ip address 10.0.0.5" on the port, I get the error "10.0.0.5 overlaps with vlan10". I'm fairly certain that I can do vlan ACLs, but I saw in Cisco documentation that IGMP protocol isn't checked against the vlan ACL, which I would like to be checked. Do I have any options at this point? I'd greatly appreciate any help.

8 Replies

Philip D'Ath
VIP Alumni

You could look at using "switchport protected". You should be able to mark all your workstation ports as "switchport protected" as they should not need to talk to each other.

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750x_3560x/software/release/12-2_53_se/configuration/guide/3750xscg/swtrafc.html#wp1029319

Philip, thanks for your fast response. I'm using this switch for my home network, and my servers are on the 10.0.0.0/24 subnet too. I should have explicitly stated that I just want the one port to only be able to see my default gateway, and not the rest of the network, while still allowing all other hosts to communicate with the rest of the network. Otherwise, using switchport protected on all the ports would work. 

I see two simple solutions, and one more complex solution:

  • Remove the default gateway from your servers, and then they won't try and talk to the Internet.
  • Configure the Internet device to block all devices except the one desired.
  • Make your switch the default gateway for the current LAN. Create a new layer 3 port between your switch and the default gateway. Use a new /30 stub. On this stub link between your switch and the Internet device create an ACL to allow just the one host to talk to the Internet.

I can't do either of the simpler solutions, but the more complex one would work. I feared that I would have to end up editing the subnet masks. I'll leave this thread open to see if anyone else might have any other ideas. Thanks for your help so far, I appreciate it.

How come you can't just remove the default gateways on the machines you don't want to access the Internet?

I still want all my hosts to access the Internet, I just want to permit the host using 10.0.0.5 to only see 10.0.0.1 (my default gateway) so that it can access the Internet. I want to make sure that it cannot see any other hosts in the 10.0.0.0/24 network.

Then back to your plan 'A'. Create a layer 3 port to the one host and put an ACL on it. This should be a new /30 stub, and not be inside your existing subnet.
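The routed stub port plus ACL that Philip describes, written out as an added example IOS configuration for the 3750G (not configuration from the thread or from Cisco's documentation). It assumes the switch's own LAN address is 10.0.0.2 on interface Vlan10, that port 24 is GigabitEthernet1/0/24, and that the Internet device at 10.0.0.1 is given a static route for 10.0.10.0/30 via 10.0.0.2 so return traffic can reach the isolated host.

```cisco
! Added example, not from the thread. Assumed values: SVI 10.0.0.2/24,
! isolated host 10.0.10.2/30 on Gi1/0/24, Internet router 10.0.0.1.
ip routing
!
interface Vlan10
 ip address 10.0.0.2 255.255.255.0
!
interface GigabitEthernet1/0/24
 description isolated host, own /30 stub
 no switchport
 ip address 10.0.10.1 255.255.255.252
 ip access-group ISOLATED-HOST-IN in
 ip access-group ISOLATED-HOST-OUT out
!
! Traffic from the host: only the default gateway on the LAN, plus the Internet
ip access-list extended ISOLATED-HOST-IN
 remark allow the host to reach the default gateway (e.g. for DNS)
 permit ip host 10.0.10.2 host 10.0.0.1
 remark drop everything else aimed at the 10.0.0.0/24 LAN
 deny   ip host 10.0.10.2 10.0.0.0 0.0.0.255
 remark anything else (Internet) is forwarded towards 10.0.0.1
 permit ip host 10.0.10.2 any
!
! Traffic towards the host: block LAN hosts from initiating to it, gateway excepted
ip access-list extended ISOLATED-HOST-OUT
 permit ip host 10.0.0.1 host 10.0.10.2
 deny   ip 10.0.0.0 0.0.0.255 host 10.0.10.2
 permit ip any host 10.0.10.2
!
ip route 0.0.0.0 0.0.0.0 10.0.0.1
```

The router at 10.0.0.1 must know the 10.0.10.0/30 stub exists (static route or NAT on the switch side), otherwise replies from the Internet are dropped there before they ever reach port 24.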

I changed the host I want to block to use 10.0.10.2/24 and gave port 24 on my switch 10.0.10.1/24. I don't know what I need to do to get port 24 to forward traffic to my default gateway (10.0.0.1). I'd appreciate any help on this.
