Heh disregard... that took all of the internet down at that site.
This is what I committed...
-----
set firewall family inet filter local_acl term terminal_access from source-address 10.0.0.0/8
set firewall family inet filter local_acl term terminal_access from protocol tcp
set firewall family inet filter local_acl term terminal_access from port ssh
set firewall family inet filter local_acl term terminal_access from port telnet
set firewall family inet filter local_acl term terminal_access then accept
set firewall family inet filter local_acl term terminal_access_denied from protocol tcp
set firewall family inet filter local_acl term terminal_access_denied from port ssh
set firewall family inet filter local_acl term terminal_access_denied from port telnet
set firewall family inet filter local_acl term terminal_access_denied then log
set firewall family inet filter local_acl term terminal_access_denied then discard
set firewall family inet filter local_acl term default-term then accept
set interface ge-0/1/0 unit 0 family inet filter input local_acl
---
hoenstly for this inet switch - we just use the console cable and laptop to access it. I prefer to have no remote access to it at all. Lower risk of someone getting into it but the example above killed all internet access at that site.
Thanks
John