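# {{ ansible_managed }}
#
# Allow DHCP/DNS traffic arriving on the libvirt integration bridge to pass base's
# inet filter input default-deny chain (ADR-025).
#
# Why a drop-in is needed: in nftables an accept verdict only ends evaluation in the
# base chain that issued it. Every other base chain registered on the same hook still
# sees the packet, and a drop in any of them is final. libvirt's own `ip filter` table
# accept is therefore not enough; base's `inet filter` input policy drop still
# discards bridge traffic without this drop-in.
#
# Scope: only the ports the stated purpose needs are opened (DNS on udp/tcp 53, DHCP
# server on udp 67), so a guest on the bridge cannot reach other host services through
# this rule. If the integration harness needs further guest-to-host services, or the
# network hands out IPv6 leases (DHCPv6, udp 547), add them here explicitly.
# NOTE(review): confirm against NET_XML before widening.
#
# Bridge name "virbr-boma" must match NET_XML in scripts/integration-vm.py.
table inet filter {
    chain input {
        # iifname compares the interface name as a string, so the ruleset loads even
        # when libvirt has not created the bridge yet.
        iifname "virbr-boma" udp dport { 53, 67 } accept
        iifname "virbr-boma" tcp dport 53 accept
    }
}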