nft -f - <<__EOF
table bridge filter {
	chain FORWARD {
		# Erlaube nur Router-Solicitation von CLIENT -> BATMAN
		# -p IPv6 --ip6-proto ipv6-icmp --ip6-icmp-type router-solicitation -j OUT_ONLY
		ether type ip6 icmpv6 type nd-router-solicit counter jump OUT_ONLY

		# Erlaube nur Router-Advertisment von BATMAN -> CLIENT
		# -p IPv6 --ip6-proto ipv6-icmp --ip6-icmp-type router-advertisement -j IN_ONLY
		ether type ip6 icmpv6 type nd-router-advert counter jump IN_ONLY
	}
}
__EOF