Ebtables - disable dhcp from a device

Hi All, I have looked through the help topics but it seems the something is missing to make the following work.

ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP                     
ebtables -A INPUT --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP                
ebtables -A FORWARD --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP                   
ebtables -A FORWARD --in-interface tap0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP

the result of any of these is

Unable to update the kernel. Two possible causes:
1. Multiple ebtables programs were executing simultaneously. The ebtables
   userspace tool doesn't by default support multiple ebtables programs running
   concurrently. The ebtables option --concurrent or a tool like flock can be
   used to support concurrent scripts that update the ebtables kernel tables.
2. The kernel doesn't support a certain ebtables extension, consider
   recompiling your kernel or insmod the extension.

Some googling and it seems that maybe ebt_ip is missing? I have the following

root@OpenWrt:/etc/config# ls /lib/modules/5.10.134/ebt*
/lib/modules/5.10.134/ebt_802_3.ko       /lib/modules/5.10.134/ebt_stp.ko
/lib/modules/5.10.134/ebt_among.ko       /lib/modules/5.10.134/ebt_vlan.ko
/lib/modules/5.10.134/ebt_limit.ko       /lib/modules/5.10.134/ebtable_broute.ko
/lib/modules/5.10.134/ebt_mark.ko        /lib/modules/5.10.134/ebtable_filter.ko
/lib/modules/5.10.134/ebt_mark_m.ko      /lib/modules/5.10.134/ebtable_nat.ko
/lib/modules/5.10.134/ebt_pkttype.ko     /lib/modules/5.10.134/ebtables.ko
/lib/modules/5.10.134/ebt_redirect.ko

Or maybe I am too old and there is a better way to disable dhcp over a device that is part of an interface. Basically I dont want to get dhcp requests on my interface from my vpn device.

Using OpenWrt 22.03.0-rc6, r19590-042d558536

Thanks for any help

22.03 is using nftables, which should replace the iptables and ebtables.

You need to specifically install ebtables-nft, not ebtables.