[Solved] How to filter ARP-Requests with Nftables using a Raspberry Pi as AP (using hostapd)

hopelessStudent Asks: How to filter ARP-Requests with Nftables using a Raspberry Pi as AP (using hostapd)
I´m trying to filter ARP-requests coming from certain IP-addresses in my network. I tried :

table arp filter {
        chain input {
                type filter hook input priority 0; policy drop;
                arp saddr ip counter accept #ISP-Router
                arp saddr ip counter accept #Laptop
                arp operation reply counter accept}}

It should drop all ARP-requests not coming from either the router or the laptop. But requests send by my smartphone are still recieved by my laptop. (My Pi acts as routed access point, it is connected to the ISP-Router via ethernet and uses interface wlan for AP function.)

Then I tried to use table netdev with ingress hook because (at least in theory) it should resolve first:

table netdev wlan {
        chain wlanFilter {
                type filter hook ingress device wlan0 priority 0;
                meta protocol arp counter drop # ARP-requests were still getting from smartphone to laptop, but ARP-Cache on Pi was incomplete afterwards  
                meta pkttype {broadcast, multicast} counter drop # didn´t filter ARP Broadcast}}

I also tried to use the hostapd function ap_isolate=1. Same result.

I use Raspberry Pi OS with kernel version 5.10.17-v7+, hostapd version 2.8-devel, nft version 0.9.6, dnsmasq version 2.80. ip_forward is active and NAT aswell. I wasn´t using a bridge but to be thoroughly: I tried table bridge with similar rules, no success. I then changed the whole setup to bridged access point instead of routed. I tried all rulesets again. Didn´t work either.

Could it be, that Hostapd forwards packets to the local network before packetfilter like Nftables are enforced? Or is there something wrong with my ruleset? Or is it something else altogether?

Ten-tools.com may not be responsible for the answers or solutions given to any question asked by the users. All Answers or responses are user generated answers and we do not have proof of its validity or correctness. Please vote for the answer that helped you in order to help others find out which is the most helpful answer. Questions labeled as solved may be solved or may not be solved depending on the type of question and the date posted for some posts may be scheduled to be deleted periodically. Do not hesitate to share your response here to help other visitors like you. Thank you, Ten-tools.