You may use "apply-path" option to achieve this. Below given is a sample config used to block all ICMP traffic destined to any IP address on SRX.
root@Router-3# show policy-options | display set
set policy-options prefix-list SRX-Interface-IPs apply-path "interfaces <*> unit <*> family inet address <*>" ===> This config will include all IP address configured on SRX
[edit]
root@Router-3# show firewall | display set
set firewall family inet filter Block-ICMP-To-SRX term 1 from destination-prefix-list SRX-Interface-IPs ===> Used the above prefix-list as destination address on filter
set firewall family inet filter Block-ICMP-To-SRX term 1 from protocol icmp
set firewall family inet filter Block-ICMP-To-SRX term 1 from icmp-type echo-request
set firewall family inet filter Block-ICMP-To-SRX term 1 then discard
set firewall family inet filter Block-ICMP-To-SRX term 2 then accept
[edit]
root@Router-3#
Below given is the verification:
root@Router-3# show policy-options | display inheritance
prefix-list SRX-Interface-IPs {
##
## apply-path was expanded to:
## 2.2.2.0/24;
## 1.1.1.0/24;
##
apply-path "interfaces <*> unit <*> family inet address <*>";
}
[edit]
root@Router-3#
Ref:
https://kb.juniper.net/InfoCenter/KB29448