I can't figure out how to limit an ACL rule to only apply to a specific VLAN when using a single vlan-aware bridge.
I tried the --vlan-id match, but it says unsupported. I tried using the ifname.vlan notation in the -i / -o for the rules but although it doesn't throw an error, the rule is also not applied. (it shows in an ebtables -L but traffic is not affected by it)
I've tried by using the 'classic' bridge (i.e. have one bridge per vlan) and when doing it that way, then using the subinterface seems to work.