servers/roles/dnsmasq/templates/dnsmasq.nft.j2

table inet filter {
    chain input {
        # networks using this DHCP server
        ip saddr {
{% for prefix in prefixes | selectattr('custom_fields.dhcp_server') | sort(attribute='vlan.name') %}
{% if prefix.custom_fields.dhcp_server.address | ipaddr('address') == primary_ip4 %}
            {{ prefix.prefix }},
{% endif %}
{% endfor %}
        } udp dport { 67 } ct state new accept
    }
}