This will be the filter:
[edit firewall family inet]
dev@lab01# show
filter rdp-filter {
term allow-all{
from {
source-address {
192.168.1.0/24;
}
}
then {
accept;
}
}
term block-rdp {
from {
protocol tcp{
destination-port 3389;
}
}
then {
reject;
}
}
term accept-traffic {
then accept;
}
}
Apply this to the interfaces you want to protect
interfaces {
ge-0/0/0 {
unit 0 {
family inet {
filter {
input rdp-filter;