nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_output \
iif \
virbr0 \
counter \
reject
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_input \
oif \
virbr0 \
counter \
reject
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_cross \
iif \
virbr0 \
oif \
virbr0 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_output \
ip \
saddr \
192.168.122.0/24 \
iif \
virbr0 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_input \
ip \
daddr \
192.168.122.0/24 \
oif \
virbr0 \
counter \
accept