Core switch

Business VLAN 10: 192.168.10.0/24
Business VLAN 20: 192.168.20.0/24
Interconnect VLAN 30: 192.168.30.0/24 (VLAN 30 connects to the firewall)

Requirement: deny the business address 192.168.20.2 from connecting to the firewall (block that address from Internet access), that is, deny it from reaching interconnect VLAN 30.

set firewall family ethernet-switching filter deny term 1 from ip-source-address 192.168.20.2/32
set firewall family ethernet-switching filter deny term 1 from ip-destination-address 192.168.30.100/32
set firewall family ethernet-switching filter deny term 1 then discard
set firewall family ethernet-switching filter deny term 2 then accept

The filter named deny is attached to business VLAN vlan20 as an input filter:

set vlans vlan20 forwarding-options filter input deny
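
The match logic of the filter above, modelled in Python as an added example (not part of the original page and not Juniper code): it parses the page's set lines and evaluates constructed sample packets term by term. The helper names parse_filter and evaluate and the sample addresses 192.168.20.3 and 203.0.113.10 are assumptions made for illustration.

```python
import ipaddress

# The filter from the page, as "set" lines.
CONFIG = """\
set firewall family ethernet-switching filter deny term 1 from ip-source-address 192.168.20.2/32
set firewall family ethernet-switching filter deny term 1 from ip-destination-address 192.168.30.100/32
set firewall family ethernet-switching filter deny term 1 then discard
set firewall family ethernet-switching filter deny term 2 then accept
"""

def parse_filter(config, name):
    """Return the filter's terms in configuration order."""
    terms = {}
    prefix = f"set firewall family ethernet-switching filter {name} term "
    for line in config.splitlines():
        if not line.startswith(prefix):
            continue
        term, kind, *rest = line[len(prefix):].split()
        t = terms.setdefault(term, {"name": term, "src": [], "dst": [], "action": None})
        if kind == "from" and rest[0] == "ip-source-address":
            t["src"].append(ipaddress.ip_network(rest[1]))
        elif kind == "from" and rest[0] == "ip-destination-address":
            t["dst"].append(ipaddress.ip_network(rest[1]))
        elif kind == "then":
            t["action"] = rest[0]
    return list(terms.values())  # dicts keep insertion order, i.e. term order

def evaluate(terms, src, dst):
    """First matching term wins; a term with no 'from' matches every packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for t in terms:
        src_ok = not t["src"] or any(s in n for n in t["src"])
        dst_ok = not t["dst"] or any(d in n for n in t["dst"])
        if src_ok and dst_ok:  # different match types in one term are ANDed
            return t["name"], t["action"]
    return None, "discard"  # a Junos filter ends with an implicit discard

TERMS = parse_filter(CONFIG, "deny")

# Constructed sample packets (source, destination); 203.0.113.10 is a documentation address.
SAMPLES = [
    ("192.168.20.2", "192.168.30.100"),
    ("192.168.20.2", "203.0.113.10"),
    ("192.168.20.3", "192.168.30.100"),
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(src, "->", dst, evaluate(TERMS, src, dst))
```

The second sample shows that a packet from 192.168.20.2 whose destination is anything other than 192.168.30.100 does not match term 1 and is accepted by term 2, which is worth checking against the intended scope of the block.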