September 14th, 2020 13:00

N3048 restrict InterVLAN routing on one VLAN

Hi everyone, I just bought 2x N3048ET-ON devices to replace my 6248 stack.

I need some help with the settings because something is different relative to the 6248.

I use the switch for L3 routing (to connect to my colocation provider). For that I have 3 VLANs: 1439, 2439 and 100. I have a redundant uplink, done with two subnets (VLAN 1439 and 2439, connected via linknets, with 2 static default routes).
I got my /27 (32 public IPv4 addresses) and an IPv6 /48 routed to my own VLAN 100. So far so good.

This works just perfectly. But I also want to manage/monitor my switch in-band on a separate management network of my own, VLAN 50. VLAN 50 is connected to a regular router/firewall (outside the switch), comes back in as tagged VLAN 50 and originates from VLAN 100.

When I give my VLAN 50 an IP address on the switch (to manage it), the subnet becomes routable. This is the difference from the 6248, where you specify this with the "routing" command in the "interface vlan {nr}" scope. This command is not available anymore, and every VLAN with an IP address is routed.

So what I want to do is restrict routing by ACL policy (or another way). This has been mentioned before in other threads, but I need help configuring it.
I have already restricted access to the management interface with an access list "mlist".

What do I exactly need to change to disable the routing only for VLAN50?

Thanks in advance.

Kind regards, Hugo.

---

This is my config:

!Current Configuration:
!System Description "Dell EMC Networking N3048ET-ON, 6.6.0.54, Linux 3.6.5-ca31e31f, v1.0.5"
!System Software Version 6.6.0.54
!
configure
vlan 50,100,1439,2439
exit
vlan 50
name "LAN-50"
exit
vlan 100
name "Colo-1"
exit
vlan 1439
name "Linknet VLAN 1439"
exit
vlan 2439
name "Linknet VLAN 2439"
exit
hostname "sws01.rtd.xxx.net"
slot 1/0 9    ! Dell EMC Networking N3048ET-ON
slot 2/0 9    ! Dell EMC Networking N3048ET-ON
sntp unicast client enable
sntp server "0.nl.pool.ntp.org"
clock summer-time recurring EU
clock timezone 1 minutes 0 zone "EST"
stack
member 1 6    ! N3048ET-ON
member 2 6    ! N3048ET-ON
exit
ip name-server "8.8.8.8"
ip name-server "2001:4860:4860::8888"
ip name-server "2001:4860:4860::8844"
ip name-server "8.8.4.4"
ip routing
interface vlan 50
ip address 192.168.50.254 255.255.255.0
exit
interface vlan 100
ip address 5.x.x.x 255.255.255.224
ipv6 address 2a00:x:x::1/48
exit
interface vlan 1439
ip address 192.168.140.138 255.255.255.252
ipv6 address 2a00:x:x:x::x/126
exit
interface vlan 2439
ip address 192.168.240.138 255.255.255.252
ipv6 address 2a00:x:x:x::x/126
exit
ip route 0.0.0.0 0.0.0.0 192.168.140.137
ip route 0.0.0.0 0.0.0.0 192.168.240.137
username "admin" password {secret} privilege 15 encrypted
management access-list "mlist"
permit vlan 50 priority 1
exit
management access-class mlist
application install SupportAssist auto-restart start-on-boot
!
interface Gi1/0/1
description "Uplink VLAN 1439"
spanning-tree disable
switchport mode trunk
switchport trunk native vlan 1439
switchport trunk allowed vlan 1439
exit
!
interface Gi1/0/46
description "Service poort"
spanning-tree guard root
switchport access vlan 50
exit
!
interface Gi2/0/1
description "Uplink VLAN 2439"
spanning-tree disable
switchport mode trunk
switchport trunk native vlan 2439
switchport trunk allowed vlan 2439
exit
!
interface Gi2/0/46
description "Service poort"
spanning-tree guard root
switchport access vlan 50
exit
!
ipv6 route ::/0 2a00:x:x:x::x
ipv6 route ::/0 2a00:x:x:x::x
eula-consent hiveagent reject
exit

Moderator

September 15th, 2020 09:00

Hi Hugo,

Page 1077 of https://dell.to/35FArxx: You should be able to use the management ACL functions to block traffic from the other VLANs. Let us know if you have any additional questions.
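An added example (not from Hugo's post or the moderator's reply) of the usual way to get the old "no routing" behaviour on the N-series with ordinary IP ACLs rather than the management ACL: an inbound ACL on interface vlan 50 that only passes traffic staying inside 192.168.50.0/24 or addressed to the switch's own SVI address, so anything that would have to be routed out of VLAN 50 is dropped, plus an inbound ACL on the other SVIs so nothing is routed into VLAN 50 from the public or linknet side. The ACL names are made up for this example, the addresses are the ones in Hugo's config, and the existing "mlist" management ACL stays in place on top of it.

```text
! Added example, not from the original post. Uses the addresses from Hugo's
! config; the ACL names NO-ROUTE-FROM-VLAN50 / NO-ROUTE-TO-VLAN50 are made up.
configure
!
! Inbound on the management SVI: frames that stay in VLAN 50 (bridged) or that
! are addressed to the switch itself are allowed; anything else would have to
! be routed to VLAN 100, a linknet or the default route, so it is dropped.
ip access-list NO-ROUTE-FROM-VLAN50
 permit ip any host 192.168.50.254
 permit ip any 192.168.50.0 0.0.0.255
 deny ip any any
exit
!
! Inbound on every other routed SVI: nothing is routed into the management
! subnet. This also stops a VLAN 100 host reaching 192.168.50.254 through the
! switch; "mlist" already limits management sessions to VLAN 50 on top of it.
ip access-list NO-ROUTE-TO-VLAN50
 deny ip any 192.168.50.0 0.0.0.255
 permit ip any any
exit
!
interface vlan 50
 ip access-group NO-ROUTE-FROM-VLAN50 in
exit
interface vlan 100
 ip access-group NO-ROUTE-TO-VLAN50 in
exit
interface vlan 1439
 ip access-group NO-ROUTE-TO-VLAN50 in
exit
interface vlan 2439
 ip access-group NO-ROUTE-TO-VLAN50 in
exit
exit
! Check the result with: show ip access-lists
```

Apply it from the console (or with the service port on Gi1/0/46 in VLAN 50, which stays reachable), then confirm from a VLAN 50 host that 192.168.50.254 still answers while an address in the /27 no longer does, and from VLAN 100 that 192.168.50.0/24 is unreachable.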
