1.2.3  ::  Install perimeter firewalls between any wireless networks and the cardholder data environment, and configure these firewalls to deny or control (if such traffic is necessary for business purposes) any traffic from the wireless environment into the cardholder data environment.

The proper way to implement this is to set up your wireless networks on their own VLAN.  On the Layer 3 device that routes between VLANs, you can then define which services and networks/hosts the wireless network is allowed to communicate with.
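
One way to check such a rule set before it goes onto the Layer 3 device, as an added example that is not part of the original page: a first-match ACL model that flags any permit rule letting the wireless VLAN reach the cardholder data environment beyond the approved flows. The subnets, the approved host and port, and the names `Rule`, `decide` and `audit` are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing plan (assumed; the page names no subnets).
WIRELESS = ipaddress.ip_network("10.20.0.0/24")  # wireless VLAN
CDE = ipaddress.ip_network("10.10.0.0/24")       # cardholder data environment
APPROVED = {("10.10.0.15/32", "tcp", 443)}       # documented business need

@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: str
    dst: str
    proto: str = "any"
    port: Optional[int] = None  # None matches any port

def decide(rules, src, dst, proto, port):
    """First-match evaluation; traffic matching no rule is denied."""
    for r in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto) and r.port in (None, port)):
            return r.action
    return "deny"

def audit(rules, approved=APPROVED):
    """Return permit rules that open wireless -> CDE beyond the approved flows."""
    findings = []
    for r in rules:
        src, dst = ipaddress.ip_network(r.src), ipaddress.ip_network(r.dst)
        if (r.action == "deny" and r.proto == "any" and r.port is None
                and WIRELESS.subnet_of(src) and CDE.subnet_of(dst)):
            break  # blanket deny: later rules cannot reach the CDE from wireless
        if (r.action == "permit" and src.overlaps(WIRELESS) and dst.overlaps(CDE)
                and (str(dst), r.proto, r.port) not in approved):
            findings.append(r)
    return findings

# Constructed rule sets: controlled access vs. an overly open wireless VLAN.
GOOD_ACL = [Rule("permit", "10.20.0.0/24", "10.10.0.15/32", "tcp", 443),
            Rule("deny", "10.20.0.0/24", "10.10.0.0/24"),
            Rule("permit", "10.20.0.0/24", "0.0.0.0/0")]
BAD_ACL = [Rule("permit", "10.20.0.0/24", "10.10.0.15/32", "tcp", 443),
           Rule("permit", "10.20.0.0/24", "10.10.0.0/24", "tcp", 3306),
           Rule("permit", "10.20.0.0/24", "0.0.0.0/0")]
```

In `GOOD_ACL` the broad outbound permit is harmless only because the blanket deny to the CDE precedes it; `BAD_ACL` shows the same permit reaching the CDE once that deny is missing.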