How to deny remote access to users in a particular VLAN through a Juniper EX4200 switch


Scenario: VLAN 12 is created on the core switch and a Layer 3 interface (the RVI vlan.12) is configured for it with the IP address 172.16.112.1/24. The requirement is to deny remote access (telnet and RDP) to all users in vlan12.

For this I created a new firewall filter named Block12 and applied it to the VLAN interface, following the steps below:

1. Create a new filter, Block12. In Junos a filter comes into existence when its first term is defined, so steps 2 to 5 build term 1 of Block12; the filter is bound to the interface in step 7.

2. Match any source address (0.0.0.0/0 matches every host):

set firewall family inet filter Block12 term 1 from source-address 0.0.0.0/0

3. Match destination port 23 (telnet):

set firewall family inet filter Block12 term 1 from destination-port 23

4. Match destination port 3389 (RDP). A second destination-port in the same term is appended to the existing list, so term 1 matches either port:

set firewall family inet filter Block12 term 1 from destination-port 3389

5. Set the action for term 1 so that packets from any source destined to port 23 or 3389 are discarded:

set firewall family inet filter Block12 term 1 then discard

6. Create a second term that accepts all other traffic. This term is required, because a Junos firewall filter ends with an implicit discard and would otherwise drop everything else routed into vlan12:

set firewall family inet filter Block12 term 2 then accept

7. Attach the filter in the output direction of vlan.12, so that any traffic routed from outside networks into vlan12 with destination port 23 or 3389 is discarded:

set interfaces vlan unit 12 family inet filter output Block12

After these commands are committed, RDP and telnet access to hosts in vlan12 is blocked. The resulting filter definition (the lines prefixed with + are the uncommitted changes as shown by show | compare):
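The complete procedure above in one pasteable listing, written here as an added example rather than the original post's commands. It keeps the post's filter name, interface and subnet, and adds two things a practitioner would want: a protocol tcp qualifier on the discard term (a destination-port match without a protocol also matches UDP) and a counter so the discards are visible. The term names deny-remote-access and permit-rest and the test host 172.16.112.10 are assumptions; the lines starting with # are explanatory and should be dropped before pasting into the CLI.

```junos
# Added example, not the original post's configuration.
# Source address is omitted on purpose: an absent match condition matches every host,
# so "source-address 0.0.0.0/0" adds nothing.
configure

# Term 1: discard TCP to telnet (23) or RDP (3389) from any source and count each hit.
set firewall family inet filter Block12 term deny-remote-access from protocol tcp
set firewall family inet filter Block12 term deny-remote-access from destination-port [ 23 3389 ]
set firewall family inet filter Block12 term deny-remote-access then count blocked-remote-access
set firewall family inet filter Block12 term deny-remote-access then discard

# Term 2: accept everything else. Required because a Junos filter ends with an implicit discard.
set firewall family inet filter Block12 term permit-rest then accept

# Bind the filter in the output direction of the RVI, i.e. to traffic routed from
# other networks toward hosts in vlan12 (172.16.112.0/24).
set interfaces vlan unit 12 family inet filter output Block12

# Review the candidate change, validate it, then commit.
show | compare
commit check
commit comment "Block12: deny inbound telnet/RDP to vlan12"

# Verify: from a host outside vlan12, attempt telnet or RDP to a vlan12 host
# (assumed address 172.16.112.10), then confirm the counter increments.
run show firewall filter Block12
```

Two points worth keeping in mind when adapting this. First, the direction matters: output on vlan.12 blocks remote access into vlan12 hosts, which is what the post asks for; binding the same filter with filter input Block12 would instead stop vlan12 users from initiating telnet or RDP to other networks. Second, a filter on the RVI only sees routed traffic, so telnet or RDP between two hosts inside vlan12 is switched at Layer 2 and never reaches Block12; blocking that would require a VLAN firewall filter (family ethernet-switching) applied under the vlans stanza.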

+     filter Block12 {
+         term 1 {
+             from {
+                 source-address {
+                     0.0.0.0/0;
+                 }
+                 destination-port [ 23 3389 ];
+             }
+             then {
+                 discard;
+             }
+         }
+         term 2 {
+             then accept;
+         }
+     }
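Review bot: term 1 matches destination-port with no protocol qualifier, so it also discards UDP traffic to 23 and 3389 and, on the page's own sequence, the source-address 0.0.0.0/0 match is redundant because an omitted match condition already matches every source; add `protocol tcp;` under `from` and consider `count <name>;` alongside `discard;` so that `show firewall filter Block12` shows the drops. Also, this compare output contains only the firewall stanza and not the `interfaces vlan unit 12 family inet filter output Block12` binding, so confirm that change is present in the same candidate before committing.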
