nft \ -ae insert \ rule \ ip \ libvirt_network \ guest_output \ iif \ virbr0 \ counter \ reject nft \ -ae insert \ rule \ ip \ libvirt_network \ guest_input \ oif \ virbr0 \ counter \ reject nft \ -ae insert \ rule \ ip \ libvirt_network \ guest_cross \ iif \ virbr0 \ oif \ virbr0 \ counter \ accept nft \ -ae insert \ rule \ ip \ libvirt_network \ guest_output \ ip \ saddr \ 192.168.122.0/24 \ iif \ virbr0 \ counter \ accept nft \ -ae insert \ rule \ ip \ libvirt_network \ guest_input \ ip \ daddr \ 192.168.122.0/24 \ oif \ virbr0 \ counter \ accept