No one has replied, but that's OK. I have tested this in the lab and it's working. The only thing is, if you are entering this command from Mist, change the last line to:
set interfaces irb unit 20 family inet filter input av-filter
I Hate GUI
------------------------------
Preetinder Singh
------------------------------
Original Message:
Sent: 05-26-2023 15:26
From: Preetinder Singh
Subject: Firewall Filter Question
Hi Guys
I am new to Juniper firewall filters, but by reading I have prepared the configuration. My aim is to stop devices within VLAN 20 (irb.20) from communicating with other subnets, but they should still be able to go to the internet. Likewise, other devices should not be able to communicate with devices in VLAN 20 (irb.20). Can you please check my config and advise if this looks OK?
set firewall family inet filter av-filter term discard-traffic from source-address 10.171.40.0/24
set firewall family inet filter av-filter term discard-traffic from source-address 10.171.20.0/24
set firewall family inet filter av-filter term discard-traffic from source-address 10.171.1.0/24
set firewall family inet filter av-filter term discard-traffic from source-address 10.171.10.0/24
set firewall family inet filter av-filter term discard-traffic from source-address 10.171.30.0/24
set firewall family inet filter av-filter term discard-traffic from source-address 10.171.60.0/24
set firewall family inet filter av-filter term discard-traffic from source-address 10.171.253.0/24
set firewall family inet filter av-filter term discard-traffic from source-address 10.2.0.0/24
set firewall family inet filter av-filter term discard-traffic from source-address 10.2.51.0/24
set firewall family inet filter av-filter term discard-traffic from source-address 10.6.1.0/24
set firewall family inet filter av-filter term discard-traffic from source-address 10.7.1.0/24
set firewall family inet filter av-filter term discard-traffic from source-address 10.8.1.0/24
set firewall family inet filter av-filter term discard-traffic from source-address 10.9.1.0/24
set firewall family inet filter av-filter term discard-traffic from source-address 10.171.5.0/24
set firewall family inet filter av-filter term discard-traffic from source-address 10.100.0.0/23
set firewall family inet filter av-filter term discard-traffic from source-address 10.101.0.0/23
set firewall family inet filter av-filter term discard-traffic from destination-address 10.171.20.0/24
set firewall family inet filter av-filter term discard-traffic from destination-address 10.171.40.0/24
set firewall family inet filter av-filter term discard-traffic from destination-address 10.171.1.0/24
set firewall family inet filter av-filter term discard-traffic from destination-address 10.171.10.0/24
set firewall family inet filter av-filter term discard-traffic from destination-address 10.171.30.0/24
set firewall family inet filter av-filter term discard-traffic from destination-address 10.171.60.0/24
set firewall family inet filter av-filter term discard-traffic from destination-address 10.171.253.0/24
set firewall family inet filter av-filter term discard-traffic from destination-address 10.2.0.0/24
set firewall family inet filter av-filter term discard-traffic from destination-address 10.2.51.0/24
set firewall family inet filter av-filter term discard-traffic from destination-address 10.6.1.0/24
set firewall family inet filter av-filter term discard-traffic from destination-address 10.7.1.0/24
set firewall family inet filter av-filter term discard-traffic from destination-address 10.8.1.0/24
set firewall family inet filter av-filter term discard-traffic from destination-address 10.9.1.0/24
set firewall family inet filter av-filter term discard-traffic from destination-address 10.171.5.0/24
set firewall family inet filter av-filter term discard-traffic from destination-address 10.100.0.0/23
set firewall family inet filter av-filter term discard-traffic from destination-address 10.101.0.0/23
set firewall family inet filter av-filter term discard-traffic then reject
set firewall family inet filter av-filter term permit-all then accept
set interface irb.20 family inet filter input av-filter
------------------------------
Preetinder Singh
------------------------------