I _was_ trying to set up an nwfilter for our networking set-up with VXLAN and openvswitch, where we use VXLAN as carrier for separate networks (unlike OpenStack gre-tunnels).

But with OVS, ebtables do not work, and the basic setup of nwfilter rules are based on this premise... or so I understand...

Now..

Is there a way to define nwfilter rules _without_ ebtables ?

What I would like to do is quite simple (block out dhcp{4,6} services from VM's, and ipv6 router advertisements )

Thanks