Hello.
I have been trying to implement VLAN Firewall rules to prevent inter-VLAN routing from 50 to 254.
254 to 50 should still be allowed.
I've followed some previous posts, and I came up with the following... but I know there are still some issues.
I'd like to avoid interruption of WAN service if possible.
name PROTECT_LAN {
    default-action accept
    description VLAN50-RULES
    rule 1 {
        action accept
        description "Accept established / related"
        log enable
        protocol all
        state {
            established enable
            invalid disable
            new disable
            related enable
        }
    }
    rule 2 {
        action drop
        description "Block packets to VLAN254"
        destination {
            address 10.95.254.0/24
            group {
            }
        }
        log enable
        protocol all
        source {
            address 10.95.50.0/24
        }
        state {
            established disable
            invalid disable
            new enable
            related disable
        }
    }
}
Any help with this would be appreciated.