Firewall in Bridged LXC Containers

0 votes
1 answer
106 views
I am new to networking, and I am trying to implement a firewall inside an LXC container (Alpine Linux) that is bridged with another LXC container (Alpine Linux) through a br0 interface. Right now, my only goal is to block all traffic that is coming from the client device through the container.

So far I have had lots of trouble getting any of the firewall rules to apply/work properly. What happens is I can set a rule/policy (e.g. drop forward chain), verify that it is in the ruleset, but then when I connect a client device to the network, it does not seem to apply (I can still access the network). I am using nftables to configure the firewall settings. My basic process is:

1. Install nftables.
2. Add a policy to drop packets in the forwarding chain.

I have tried every possible configuration I can think of for these rules. I was reading that because the container is bridged, the data packets only travel on layer 2, so the layer 3 firewall rules would not ever apply to the packet. Is this true? I have been able to use layer 2 rules to block traffic (e.g. bridge rules in nftables and ebtables rules), but nothing on layer 3 yet.

For more background, here is the container interface setup:

WLAN0/WLAN1 -> br0 (Container A) -> br0 (Container B) -> eth0 -> internet

I am trying to apply firewall rules inside of container A right now. If any more information is needed, let me know :)
Asked by RGB Engineer (101 rep)
Jan 22, 2025, 06:11 PM
Last activity: Mar 6, 2025, 01:54 AM
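The behaviour the question describes (an ip-family forward chain that never matches, while bridge-family rules do) follows from where the bridge hooks sit: frames that br0 forwards between its ports traverse the bridge family's forward hook, and they only reach an ip/inet forward chain when br_netfilter is loaded with bridge-nf-call-iptables set to 1. The script below is an added example, not code from the question or from any answer on this page. It assumes the client-facing bridge ports are named wlan0 and wlan1 and the port toward Container B is veth0 (neither name is given on the page; check with ip link show master br0), and it uses the 192.0.2.0/24 documentation range as a constructed sample subnet. It emits a bridge-family ruleset with a drop policy on the forward hook, checks it with nft -c before loading, and reports whether br_netfilter is active so you can tell which family your rules need to live in.

```shell
#!/bin/sh
# Added example (not from the question or any answer on this page).
# Assumptions: client-facing bridge ports wlan0/wlan1, uplink port veth0
# (names not given on the page), and 192.0.2.0/24 as a constructed sample
# subnet for the layer-3 match.

WLAN_PORTS='{ "wlan0", "wlan1" }'
UPLINK_PORT='veth0'

# Emit a ruleset in the *bridge* family.  Frames forwarded by br0 between
# its ports hit the bridge forward hook; an ip/inet forward chain only sees
# them when br_netfilter is loaded and bridge-nf-call-iptables = 1.
bridge_ruleset() {
    cat <<EOF
flush ruleset

table bridge filter {
    chain forward {
        type filter hook forward priority filter; policy drop;

        # Layer-3 matching is still possible inside a layer-2 chain: the
        # bridge family can inspect the IP header of a bridged frame.
        iifname $WLAN_PORTS ip saddr 192.0.2.0/24 counter drop comment "constructed sample subnet"

        # Count everything else a client pushes through the bridge; the
        # chain policy drops it.  Counters make 'nft list ruleset' show
        # whether the rule is actually being hit.
        iifname $WLAN_PORTS counter drop

        # Frames arriving from the uplink are also dropped by the policy;
        # this rule only exists so their count is visible too.
        iifname "$UPLINK_PORT" counter drop
    }
}
EOF
}

# Report the br_netfilter state: "1" means bridged frames also traverse
# ip/inet hooks, "0" means they do not, "absent" means the sysctl does not
# exist in this network namespace (module not loaded or not visible here).
bridge_netfilter_state() {
    f=/proc/sys/net/bridge/bridge-nf-call-iptables
    if [ -r "$f" ]; then
        cat "$f"
    else
        echo "absent"
    fi
}

# Syntax-check the ruleset without loading it, then load it.
# Requires CAP_NET_ADMIN in the container and the nf_tables/bridge
# modules available from the host kernel.
apply_ruleset() {
    bridge_ruleset | nft -c -f - || return 1
    bridge_ruleset | nft -f -
}

# Show the per-rule counters so a connected client's traffic can be
# correlated with the rule that handled it.
show_counters() {
    nft list table bridge filter
}

# Usage (only when run directly, not when sourced):
#   sh this_script.sh
if [ "${0##*/}" = "this_script.sh" ]; then
    echo "bridge-nf-call-iptables: $(bridge_netfilter_state)"
    apply_ruleset && show_counters
fi
```

Run it inside Container A. If bridge_netfilter_state prints absent or 0, an ip or inet forward chain will not see frames that merely cross br0, which matches the behaviour described in the question; the bridge-family chain above does see them. After connecting a client, nft list table bridge filter shows which counter increments.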