Probably a complete noob question, but the firewall filter mentality is a bit different than the simple ACLs of my previous switches.
My environment:
Approx. 40 vlans, most are /24s with IRBs.
Vlan168, 192.168.168.x/24 network is private. Can talk to other Vlans, but can't be reached from other vlans.
I'd like to block traffic FROM all the other vlans TO a particular vlan, Vlan ID 168. Irb.168 is the routed interface.
Will I need to make a firewall rule for each particular Vlan to prevent it from talking to 168? In my old switches, I'd just do an ACL that blocked all traffic from X.X.X.X/X to 192.168.168.1/24.
After reading through the documentation, it seems as though I'd want to block access to the Vlan.
What would be the most efficient way to accomplish this?
There aren't many examples in the documentation for something this simple. I only see a "from" argument, no "to" in the initial creation statement.
Does anyone have an example of a simple ACL configuration I can look at?