So far, we can match arp and 802.1a types:
vyos@bri# set firewall bridge forward filter rule 10 ethernet-type
Possible completions:
802.1q Customer VLAN tag type
802.1ad Service VLAN tag type
arp Adress Resolution Protocol
ipv4 Internet Protocol version 4
ipv6 Internet Protocol version 6
[edit]
vyos@bri# set firewall bridge forward filter rule 10 ethernet-typeAnd on vlan data/header:
vyos@bri# set firewall bridge forward filter rule 10 vlan
Possible completions:
id Vlan id
priority Vlan priority(pcp)
[edit]
vyos@bri#If we want to catch arp requests on bridge using vlans, we need to add type under vlan.
References: https://www.netfilter.org/projects/nftables/manpage.html#lbCF