nft -f - <<__EOF
table bridge filter {
	chain MULTICAST_OUT {
		# Erlaube DHCPv6 Requests
		# -p IPv6 --ip6-proto udp --ip6-dport 547 -j RETURN
		ether type ip6 udp dport 547 counter return
	}

	chain FORWARD {
		# Erlaube nur DHCPv6 Request von CLIENT -> BATMAN
		# -p IPv6 --ip6-proto udp --ip6-dport 547 -j OUT_ONLY
		ether type ip6 udp dport 547 counter jump OUT_ONLY

		# Erlaube nur DHCPv6 Antworten von BATMAN -> CLIENT
		# -p IPv6 --ip6-proto udp --ip6-dport 546 -j IN_ONLY
		ether type ip6 udp dport 546 counter jump IN_ONLY
	}
}
__EOF