Addition

iptables -I INPUT -s 5.5.5.0/29 -p tcp -dport 80 -j DROP

Will indeed block all access to the router interface on both 192.168.1.1 and 5.5.5.1 for all vlan2 clients, while still be open for vlan0 clients. 🙂

Also, to best apply this guide to the latest DD-WRT v24 sp2 everything can be followed, except the nvram commands for moving a LAN port and creating a vlan, this nowadays works flawlessly from the web UI.