You can do this using the builtin
ipfw firewall (it is not the default firewall in Snow Leopard, but it is still included). You can configure from the command line, the exact rule set you need depends on your other requirements, but the specific rule in question would be something like:
# allow AFP (port 548) traffic from 10net /sbin/ipfw add allow tcp from 10.0.0/24 to any 548 # deny all other AFP traffic ipfw add deny tcp from any to any 548
Obviously you will need to adjust that for your specific network. Also, these rules are not persistent, which means you will need to add a script to run them commands every reboot. On the other hand, that means that if you wedge your networking while trying to come up with appropriate rules you can always just reboot to reset the stack. There are plenty of ipfw tutorials on the web (most of them are aimed at FreeBSD users, but it is the same interface).