# nftables rules for a NAT-ed guest network on bridge virbr0
# (IPv4 192.168.122.0/24, IPv6 2001:db8:ca2:2::/64).
#
# Reading notes for an audit:
#   * Every command uses `insert`, which prepends to the chain. Within one
#     chain the rule inserted LAST is evaluated FIRST, so the effective order
#     is the reverse of the order in this file.
#   * -a prints rule handles and -e echoes what was added; neither changes
#     the ruleset itself.
#   * Table `libvirt_network` and its chains are not created by the commands
#     shown here; they must already exist. Which netfilter hook each chain is
#     attached to is not visible from here -- confirm against the table
#     definition before drawing conclusions from the chain names.
#   * 2001:db8::/32 is the IPv6 documentation prefix, so the IPv6 subnet is a
#     sample value.

# --- IPv4: DHCP between guests and the host --------------------------------
# Matched on interface and port only, not on source address.
# NOTE(review): DHCP runs over UDP; the tcp/67 and tcp/68 accepts are wider
# than the protocol needs -- confirm whether they are intentional.
nft -ae insert rule ip libvirt_network guest_to_host iifname virbr0 tcp dport 67 counter accept
nft -ae insert rule ip libvirt_network guest_to_host iifname virbr0 udp dport 67 counter accept
nft -ae insert rule ip libvirt_network host_to_guest oifname virbr0 tcp dport 68 counter accept
nft -ae insert rule ip libvirt_network host_to_guest oifname virbr0 udp dport 68 counter accept

# --- IPv4: DNS (port 53) in both directions on virbr0 ----------------------
nft -ae insert rule ip libvirt_network guest_to_host iifname virbr0 tcp dport 53 counter accept
nft -ae insert rule ip libvirt_network guest_to_host iifname virbr0 udp dport 53 counter accept
nft -ae insert rule ip libvirt_network host_to_guest oifname virbr0 tcp dport 53 counter accept
nft -ae insert rule ip libvirt_network host_to_guest oifname virbr0 udp dport 53 counter accept

# --- IPv4: catch-all rejects and guest-to-guest traffic --------------------
# The two rejects are inserted before the subnet-specific accepts further
# down, so they end up BELOW those accepts and act as the fallback.
nft -ae insert rule ip libvirt_network guest_output iifname virbr0 counter reject
nft -ae insert rule ip libvirt_network guest_input oifname virbr0 counter reject
# Traffic entering and leaving on virbr0 is accepted without further
# conditions: this ruleset applies no filtering between guests on the bridge.
nft -ae insert rule ip libvirt_network guest_cross iifname virbr0 oifname virbr0 counter accept

# --- IPv6: catch-all rejects and guest-to-guest traffic --------------------
nft -ae insert rule ip6 libvirt_network guest_output iifname virbr0 counter reject
nft -ae insert rule ip6 libvirt_network guest_input oifname virbr0 counter reject
nft -ae insert rule ip6 libvirt_network guest_cross iifname virbr0 oifname virbr0 counter accept

# --- IPv6: DNS (port 53) in both directions on virbr0 ----------------------
nft -ae insert rule ip6 libvirt_network guest_to_host iifname virbr0 tcp dport 53 counter accept
nft -ae insert rule ip6 libvirt_network guest_to_host iifname virbr0 udp dport 53 counter accept
nft -ae insert rule ip6 libvirt_network host_to_guest oifname virbr0 tcp dport 53 counter accept
nft -ae insert rule ip6 libvirt_network host_to_guest oifname virbr0 udp dport 53 counter accept

# --- IPv6: DHCPv6 (server port 547, client port 546), UDP only -------------
nft -ae insert rule ip6 libvirt_network guest_to_host iifname virbr0 udp dport 547 counter accept
nft -ae insert rule ip6 libvirt_network host_to_guest oifname virbr0 udp dport 546 counter accept

# --- IPv4: subnet-specific accepts (evaluated before the rejects above) ----
# Outbound: only packets whose source is inside the guest subnet are
# accepted; any other source arriving on virbr0 falls through to the reject.
nft -ae insert rule ip libvirt_network guest_output ip saddr 192.168.122.0/24 iifname virbr0 counter accept
# Inbound: only replies to existing flows (related,established) are accepted;
# new connections towards the guest subnet fall through to the reject.
nft -ae insert rule ip libvirt_network guest_input oifname virbr0 ip daddr 192.168.122.0/24 ct state related,established counter accept

# --- IPv4: source NAT for traffic leaving the guest subnet -----------------
# Effective order in guest_nat (reverse of insertion): multicast return,
# broadcast return, tcp masquerade, udp masquerade, generic masquerade.
nft -ae insert rule ip libvirt_network guest_nat ip saddr 192.168.122.0/24 ip daddr '!=' 192.168.122.0/24 counter masquerade
# TCP and UDP are mapped to source ports 1024-65535 only.
nft -ae insert rule ip libvirt_network guest_nat meta l4proto udp ip saddr 192.168.122.0/24 ip daddr '!=' 192.168.122.0/24 counter masquerade to :1024-65535
nft -ae insert rule ip libvirt_network guest_nat meta l4proto tcp ip saddr 192.168.122.0/24 ip daddr '!=' 192.168.122.0/24 counter masquerade to :1024-65535
# Limited broadcast and 224.0.0.0/24 multicast leave the chain via `return`
# before any masquerade rule is reached.
nft -ae insert rule ip libvirt_network guest_nat ip saddr 192.168.122.0/24 ip daddr 255.255.255.255/32 counter return
nft -ae insert rule ip libvirt_network guest_nat ip saddr 192.168.122.0/24 ip daddr 224.0.0.0/24 counter return

# --- IPv6: subnet-specific accepts (evaluated before the rejects above) ----
nft -ae insert rule ip6 libvirt_network guest_output ip6 saddr 2001:db8:ca2:2::/64 iifname virbr0 counter accept
nft -ae insert rule ip6 libvirt_network guest_input oifname virbr0 ip6 daddr 2001:db8:ca2:2::/64 ct state related,established counter accept

# --- IPv6: source NAT for traffic leaving the guest subnet -----------------
# Guests are masqueraded for IPv6 as well, so their own addresses are not
# visible outside the host. Same effective ordering as the IPv4 chain.
nft -ae insert rule ip6 libvirt_network guest_nat ip6 saddr 2001:db8:ca2:2::/64 ip6 daddr '!=' 2001:db8:ca2:2::/64 counter masquerade
nft -ae insert rule ip6 libvirt_network guest_nat meta l4proto udp ip6 saddr 2001:db8:ca2:2::/64 ip6 daddr '!=' 2001:db8:ca2:2::/64 counter masquerade to :1024-65535
nft -ae insert rule ip6 libvirt_network guest_nat meta l4proto tcp ip6 saddr 2001:db8:ca2:2::/64 ip6 daddr '!=' 2001:db8:ca2:2::/64 counter masquerade to :1024-65535
# ff02::/16 (link-local scope multicast) is excluded from masquerading.
nft -ae insert rule ip6 libvirt_network guest_nat ip6 saddr 2001:db8:ca2:2::/64 ip6 daddr ff02::/16 counter return