Configure IOS Firewall on R2 to protect the EIGRP network. Ensure it can reach the rest of the network.
No access but ICMP is allowed to R2.
R1 should be able to Telnet to R2 using its loopback2 address as source. Configure ingress ACL on WAN links, including anti-spoofing technique. Do not deny RFC1918 address space.
Configure prevention against TCP host-specific denial-of-service on R2. Set the threshold to 200 before the firewall engine starts deleting half-open sessions to the host.