flush ruleset

table bridge filter {
       chain prerouting {
                type filter hook prerouting priority 0;
                policy accept;
                ibrname br100 jump netpublic
                }
       chain netpublic {

             iifname tap1 jump vm1

             icmpv6 type {nd-router-solicit, nd-router-advert,
       nd-neighbor-solicit, nd-neighbor-advert, nd-redirect } log

       }
       chain vm1 {
             ether saddr != 02:00:f0:a9:c4:4e drop
       }
}

table ip6 filter {
        chain forward {
                type filter hook forward priority 0;

       #         policy drop;

                ct state established,related accept;

        }

}