When you have more than one network to assign to a firewall rule it can sometimes be more efficient to create a firewall group and then name that in the rule. It also can make the rule easier to read. Here are the commands to create a firewall group (of type "network") called LAN_NETWORKS on an EdgeRouter:
set firewall group network-group LAN_NETWORKS description 'RFC1918 Private Networks'
set firewall group network-group LAN_NETWORKS network 192.168.0.0/16
set firewall group network-group LAN_NETWORKS network 172.16.0.0/12
set firewall group network-group LAN_NETWORKS network 10.0.0.0/8
The above group is a list of all RFC1918 private networks.
Example showing use of this group when creating a firewall rule:
set firewall name GUEST_IN default-action accept
set firewall name GUEST_IN description 'guest to wan/lan'
set firewall name GUEST_IN rule 1 action drop
set firewall name GUEST_IN rule 1 description 'drop guest to lan'
set firewall name GUEST_IN rule 1 destination group network-group LAN_NETWORKS
set firewall name GUEST_IN rule 1 log disable
set firewall name GUEST_IN rule 1 protocol all