Build failure on host with nftables firewall backend due to incompatible interface wildcard

[wlhlm]

System build fails with enabled nftables firewall backend (nftables.enable = true).

error: Cannot build '/nix/store/3bakhjz9pg654nnnaa975m36kq74ds8v-nftables-rules.drv'.
       Reason: builder failed with exit code 1.
       Output paths:
         /nix/store/s7f4mvvhff9r7bv2jkhrnk9yn169sw7k-nftables-rules
       Last 12 log lines:
       > ruleset.conf:58:12-12: Error: syntax error, unexpected +, expecting newline or semicolon
       > iifname ve-+ tcp dport { 5353 } accept
       >            ^
       > ruleset.conf:59:12-12: Error: syntax error, unexpected +, expecting newline or semicolon
       > iifname ve-+ udp dport { 67, 5353 } accept
       >            ^
       > ruleset.conf:60:12-12: Error: syntax error, unexpected +, expecting newline or semicolon
       > iifname vz-+ tcp dport { 5353 } accept
       >            ^
       > ruleset.conf:61:12-12: Error: syntax error, unexpected +, expecting newline or semicolon
       > iifname vz-+ udp dport { 67, 5353 } accept
       > 

This is caused by the usage of the iptables-specific network interface wildcard character +. nftables uses *.

nixos 25.11 added firewalld as another firewall backend, I'm not sure which wildcard character that supports. Redhat's docs on that are behind a paywall and I have never used firewalld personally.