The documentation ( https://docs.cumulusnetworks.com/display/DOCS/Netfilter+-+ACLs
) seems to suggest that only swp+ and bond+ are supported in access lists.
However, vlan+ seems to work fine, despite not being documented. Is this the proper way to protect vlan interfaces?
In our case, we have an IP address assigned to a vlan, and do not want to allow SSH from the entire internet to the switch.