Enable RDP for internal network only

The standard commercial router you mentioned does not allow any incoming connection from outside to the inside of the network. You need to specifically allow incoming connections through port forwarding. If you want to connect to the PC through the same network, i.e. both tablet and PC are connected to the same local area network, you don't need to worry about outside users connecting to the PC from the Internet, since the NAT device (the router) won't allow it by default.

If you want to access RDP from outside the network, e.g. through the Internet, but want to restrict the access to a specific IP address, I don't think the commercial router would be flexible enough for such a rule. However, you can accomplish this through your Windows firewall. In order to restrict RDP to specific IP addresses:

  1. Go to the control panel->Administrative Tools
  2. Windows Firewall with Advanced Settings
  3. Inbound Rules
  4. Remote Desktop (TCP-In)
  5. Go to the Properties->Scope tab
  6. Add the IP (or IP range) in the Remote IP addresses section

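The same scope restriction applied from an elevated PowerShell prompt, followed by an audit of every inbound rule on TCP 3389. This is an added example, not part of the answer above; it assumes Windows 8 / Server 2012 or later (NetSecurity module) and an English-language system where the rule group is named "Remote Desktop", and the addresses are constructed placeholders.

```powershell
# Added example. Run from an elevated PowerShell session.
# Constructed sample values: replace with the tablet's address or your LAN range.
$AllowedRemote = @('192.168.1.50', '192.168.1.0/24')

function Get-RdpInboundRule {
    # Enabled inbound rules whose port filter names TCP 3389 exactly,
    # whatever the rule is called, so hand-made rules are listed too.
    # (Rules with LocalPort 'Any' or a port range are not matched here.)
    Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains '3389' } |
        Get-NetFirewallRule |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                DisplayName   = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = $addr.RemoteAddress -join ', '
            }
        }
}

# Equivalent of the Scope tab: limit the built-in Remote Desktop rules
# (TCP-In and any others in the group) to the allowed remote addresses.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Set-NetFirewallRule -RemoteAddress $AllowedRemote

# Audit: show the resulting scope and flag anything still open to any address.
$rules = @(Get-RdpInboundRule)
$rules | Format-Table -AutoSize

$open = @($rules | Where-Object { $_.RemoteAddress -eq 'Any' })
if ($open.Count -gt 0) {
    Write-Warning ("{0} inbound rule(s) on TCP 3389 still accept any remote address:" -f $open.Count)
    $open | ForEach-Object { Write-Warning ("  " + $_.DisplayName) }
} else {
    Write-Output 'All enabled inbound TCP 3389 rules are scoped to specific remote addresses.'
}
```

A rule added later by another program can reopen the port, so the audit part is worth re-running after software installs or Windows feature changes.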


You should make sure that you are using RDP with the strongest encryption levels enabled. You should also consider using the built-in Windows firewall (see how to set this up with advanced settings) or another firewall to only allow connections from your tablet. You can also ensure that your router doesn't allow the RDP port from the Internet.

Another option is to run RDP over SSH. You can do this with OpenSSH, or with Tunnelier (free for personal use), which I have used in the past for secured RDP over SSH (free for home use). If you go over SSH you can then use certificates, which gives you a much higher level of security since it's impractical to break the certificate key in addition to your password.
