[libvirt] nwfilter: limit VM traffic to specific MAC

Hi, I am trying to add custom filter to block VM traffic to other VMs by limiting the traffic only to the gateways MAC address. The filter XML: <filter name='rhev' chain='root'> <uuid>cd4e5890-ccc9-1b0f-303f-e7fe7123646d</uuid> <filterref filter='allow-dhcp'/> <rule action='drop' direction='out' priority='500'> <mac match='no' dstmacaddr='$MAC'/> </rule> </filter> The MAC is not the interface MAC address it's the gateways MAC that pass as a parameter (I use the gateway address hardcoded as well). The VM is getting DHCP ip but cannot get any traffic, I notice that when I edit (comment and uncomment) the drop rule, the filter is working fine, ie no traffic other then the gateway. 1. Am I doing something wrong? 1. What is the table name that libvirt use for ebtables? Shahar.