Hi there,
I'd like to take my first steps into the world of firewall filtering on EX3300 switches, but the more I read, the more confused I get! :-)
My first project is: From vlan123 everything should be forbidden except "going to the internet" and ICMP traffic for monitoring purposes.
This is my first try. I haven't tested it yet, because that's only possible on Saturdays during "maintenance time".
firewall {
    family inet {
        filter vlan123-filters {
            term allow-internet {
                from {
                    protocol [ tcp udp ];
                    port [ 53 80 443 ];
                }
                then accept;
            }
            term allow-icmp {
                from {
                    protocol icmp;
                }
                then accept;
            }
        }
    }
}
vlans {
    vlan123 {
        filter {
            input vlan123-filters;
            output vlan123-filters;
        }
    }
}
What do you think about that? I would be very glad about comments so I can give it a try tomorrow!
Thanks a lot and many greetings
Stephan
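
Added example, not part of the original post: a small Python model of how the two terms in the filter above evaluate packets, useful for checking what the policy admits before a maintenance window. It assumes standard Junos stateless filter semantics (terms evaluated in order, first match wins, implicit discard at the end, "port" matching either the source or the destination port); the packets are constructed samples.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp", "udp" or "icmp"
    sport: int = 0   # source port (unused for ICMP)
    dport: int = 0   # destination port (unused for ICMP)

# The two terms from the post, in order. ports=None means "no port match".
TERMS = [
    {"name": "allow-internet", "protocols": {"tcp", "udp"}, "ports": {53, 80, 443}},
    {"name": "allow-icmp", "protocols": {"icmp"}, "ports": None},
]

def evaluate(pkt):
    """Return (action, term): first matching term wins, else implicit discard."""
    for term in TERMS:
        if pkt.proto not in term["protocols"]:
            continue
        ports = term["ports"]
        # Assumption: "port" matches source OR destination port, and the
        # filter is stateless, so it cannot tell a reply from a new flow.
        if ports is None or pkt.sport in ports or pkt.dport in ports:
            return ("accept", term["name"])
    return ("discard", "implicit")

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "client -> web server": Packet("tcp", 51000, 443),
    "web server -> client (reply)": Packet("tcp", 443, 51000),
    "DNS query": Packet("udp", 40000, 53),
    "ping": Packet("icmp"),
    "sport 51000 -> dport 22": Packet("tcp", 51000, 22),
    # Accepted only because the source port is in the list.
    "sport 80 -> dport 22": Packet("tcp", 80, 22),
}

def run():
    return {label: evaluate(p) for label, p in SAMPLES.items()}

if __name__ == "__main__":
    for label, (action, term) in run().items():
        print(f"{label:30} {action:8} ({term})")
```

The model has no address match because the filter has none, so the terms accept ports 53, 80 and 443 toward any destination, not only toward the internet.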