Timed firewall rules on main router when client connected via relayd repeater

I've got LEDE setup on my main router (R7800) and a wireless repeater (RE450) using relayd and am having some troubles ensuring some parental control firewall rules work when devices are connected to the repeater.

The firewall rules live on the R7800 and use the mac address of the device (src_mac) to apply various time limits (and disabling the use of any external DNS services save for OpenDNS family friendly).

When a client is connected to the main router it all works as expected, however, when connected to the repeater (which has its firewall disabled) the devices can still access the internet past the time they should be cutoff.

I'm guessing the relay bridge is causing the MAC address of the client not to make it through somehow to the main router - is there any setting I'm missing?