Blocking packets from going through the router (like LAN1 -> LAN2) is handled with firewall rule applied in IN direction.
To filter packets destined for ER itself, apply a firewall rule in the LOCAL direction.
So create a LAN2_LOCAL ruleset and apply it on LAN2 interface in LOCAL direction. Make sure traffic like DNS and DHCP is allowed.
ruleset like this will work
Default action = allow
drop destination = LAN1 interface
Also , see http://community.ubnt.com/t5/EdgeMAX/Layman-s-firewall-explanation/m-p/1436103#M91494