Hi kronicklez,
It is not possible to block MAC address via zone to zone policy as we use l3 addresses there.
However, you can use firewall filters to block them at interface level but with the family set as ethernet-switching and not inet;
root# show firewall family ethernet-switching
filter Test {
term 1 {
from {
source-mac-address {
00:10:00:00:00:00/16;
}
}
then discard;
}
term 2 {
then accept;
}
}
[edit]
root# show interfaces ge-0/0/2
unit 0 {
family ethernet-switching {
filter {
input Test;
}
}
}