Chapter 4 in that book, page 90, Protecting the Routing Engine.
There's a configuration example of firewall filter which is how to do an acl in junos.
Add a firewall input filter on your lo0 interface:
family inet {
filter protect_re {
term allow_ssh {
from {
source-address {
10.1.2.0/24;
}
protocol tcp;
destination-port ssh;
}
then accept;
}
term deny_ssh {
from {
protocol tcp;
destination-port ssh;
}
then {
discard;
}
}
term default {
then accept;
}
}
}
Instead of the address you could just use a prefix-list configured under policy-options.