Ok.. I don't have a lab box to test it but I guess, you should configure "from destination-port" in the term allow-internet, and should apply the filter under family inet hierarchy. i.e. "set interface <interface name> unit <unit no> family inet filter input <filter name>
But unfortunately, I didn't get the expected results.
can you explain what did you try ? (scenario & config)
1. I don't understand "inet" vs. "ethernet-switching" when it comes to filters and VLANs. What path should I try?
inet and ethernet-switching are the family which you configure under interface. family inet is used for ipv4 and family eithernet-switchings is used for layer 2 stuff ( filtering traffic based on src/dst mac address etc)
if you want to filter traffic based on src/dst ip address & ports, apply the filter under family inet
if yuu want to filter the traffic based on src/dst mac address, apply the filter under family ethernet-switching
2. I don't understand "VLAN" vs. "VLAN interface" and where is the right place to apply firewall filters
vlan interface is nothing but svi (in cisco) rvi (in juniper)