diff --git a/system/base/nftables/defaults/main.yml b/system/base/nftables/defaults/main.yml
index defedd9..fc8f0d6 100644
--- a/system/base/nftables/defaults/main.yml
+++ b/system/base/nftables/defaults/main.yml
@@ -1,3 +1,4 @@
 ---
+system_base_interfaces_iifname: []
 system_base_additional_tcp_ports: []
 system_base_udp_ports: []
diff --git a/system/base/nftables/templates/nftables.conf.j2 b/system/base/nftables/templates/nftables.conf.j2
index 60ad856..769625b 100755
--- a/system/base/nftables/templates/nftables.conf.j2
+++ b/system/base/nftables/templates/nftables.conf.j2
@@ -10,9 +10,11 @@ table inet filter {
 # Accept any localhost traffic.
 iif lo accept;
- # Accept any libvirt traffic.
- iifname virbr0 accept;
+{% if system_base_interfaces_iifname %}
+ # Accept any traffic on these interfaces.
+ iifname { {{ system_base_interfaces_iifname | join(", ") }} } accept;
+{% endif %}
 # Accept traffic originated from us.
 ct state established,related accept;
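Review bot: The new default `system_base_interfaces_iifname: []` carries no comment, yet every interface listed in it gets an unconditional `accept` in the rendered nftables ruleset, which is a broader grant than a port allowlist and deserves to be stated where operators set the value. A one-line comment above it would do: `# Interfaces whose inbound traffic is accepted unconditionally; replaces the former hard-coded virbr0 rule, so libvirt hosts must list it here.` Because the default is empty, hosts that relied on the previous `iifname virbr0 accept;` now block that traffic until the variable is set, and the commit message or role README should call that migration out.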
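Review bot: The `iifname { {{ system_base_interfaces_iifname | join(", ") }} } accept;` line interpolates each list entry unquoted into the nftables set, so a value containing whitespace, `,`, `}` or `;` would change the structure of the ruleset or make `nft -f` reject the whole file rather than just this rule. Validating entries before templating (for example an `ansible.builtin.assert` that each element matches an interface-name pattern such as `^[A-Za-z0-9_.-]+$`), or quoting each element in the template, would keep an inventory typo from taking down or widening the firewall. If the variable is ever set to a plain string instead of a list, `join` will emit its characters comma-separated, which the same assert would also catch. The `{% if %}`/`{% endif %}` tags sit at column 0 while the rule they wrap is indented, which is harmless in the rendered file but reads inconsistently. The enclosing `table inet filter { … }` block begins and ends outside the hunk.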