So far, we can match arp and 802.1a types:
vyos@bri# set firewall bridge forward filter rule 10 ethernet-type Possible completions: 802.1q Customer VLAN tag type 802.1ad Service VLAN tag type arp Adress Resolution Protocol ipv4 Internet Protocol version 4 ipv6 Internet Protocol version 6 [edit] vyos@bri# set firewall bridge forward filter rule 10 ethernet-type
And on vlan data/header:
vyos@bri# set firewall bridge forward filter rule 10 vlan Possible completions: id Vlan id priority Vlan priority(pcp) [edit] vyos@bri#
If we want to catch arp requests on bridge using vlans, we need to add type under vlan.
References: https://www.netfilter.org/projects/nftables/manpage.html#lbCF