diff --git a/system/base/nftables/templates/nftables.conf.j2 b/system/base/nftables/templates/nftables.conf.j2
index ea73105..60ad856 100755
--- a/system/base/nftables/templates/nftables.conf.j2
+++ b/system/base/nftables/templates/nftables.conf.j2
@@ -10,6 +10,9 @@ table inet filter {
                 # Accept any localhost traffic.
                 iif lo accept;
 
+                # Accept any libvirt traffic.
+                iifname virbr0 accept;
+
                 # Accept traffic originated from us.
                 ct state established,related accept;