Thanks to stigt:

configure
edit firewall group address-group OK_FOR_SSH
set description "hosts that I trust for ssh"
set address 1.1.1.1
set address 2.2.2.2
set address 3.3.3.3
top
commit
 
 
edit firewall name LOCAL_OK
set default-action drop
set enable-default-log
set rule 1 state established enable
set rule 1 state related enable
set rule 1 action accept
set rule 2 state invalid enable
set rule 2 action drop
set rule 3 protocol icmp
set rule 3 action accept
set rule 10 protocol tcp
set rule 10 destination port 22
set rule 10 source group address-group OK_FOR_SSH
set rule 10 action accept
top
commit
 
 
 
set interfaces ethernet eth0 firewall local name LOCAL_OK
commit