Hello,
wrote:
Can I add one more quesiton, why or when shall I use in firewall famaly "ethernet-switching" or "inet"?
"family inet" filter can be only added to :
1/ L3 interface under "family inet" stanza
2/ as a forwarding-table filter
"family inet" filter cannot be added to a VLAN.
Back to Your original pb - I believe You could have accomplished the same thing (blocking/allowing comms between 2 VLANs) with a "family inet" filter on IRB.
HTH
Thx
Alex