You need distinct interfaces for each vlan to apply firewall rules on them or you can do this exclusively with source/destination address/network groups.
You can use pseudo-ethernet interface to create distinct interfaces for all of them.
To get inspiration on writing firewall rules for this purpose, see my config in another post Home vyos configuration review & feedback - #7 by ishan
Since you have a single trunk port connected to a switch, you don’t need to use bridges in vyos. I had to use it because I have multiple ports on the router(connected to different switches)