You really should do this by specifying the interfaces instead of the networks IMHO.
Assuming your DMZ is on eth2 and your LAN is on eth1, it would go like:
iptables -I FORWARD -i eth2 -o eth1 -j DROP
But you should really try to make these type of rules non-necessary in the first place. To do that, you set your policy to DROP and then make exceptions by adding ACCEPT rules. Since you wouldn't have an ACCEPT rule for DMZ to LAN traffic, it would be firewalled by default. It's just a suggestion.