nft -f - <<__EOF
table bridge filter {
	chain MULTICAST_OUT {
		# Verbiete ARP Antworten an alle
		# -p ARP --arp-op Reply --arp-ip-src 0.0.0.0 -j DROP
		ether type arp arp operation reply arp daddr ip 0.0.0.0 counter drop

		# Verbiete ARP Requests an alle
		# -p ARP --arp-op Request --arp-ip-dst 0.0.0.0 -j DROP
		ether type arp arp operation request arp daddr ip 0.0.0.0 counter drop

		# Erlaube alle anderen ARP's
		# -p ARP -j RETURN
		ether type arp counter return
	}
}
__EOF