Hi Guys!
I need some help, and look, I'm not sure if this is the best place for this question or not.
I have a dedicated server, and inside of my server I'm running a VM with KVM (QEMU/libvirt).
Everything is working as it's supposed to, without any problem.
But I need to secure my server with some iptables firewall.
The problem I'm having is that when I type my rules into iptables, I don't get a connection to the VM.
Please check my rules below:
*filter
# Allow all loopback (lo0) traffic and reject traffic
# to localhost that does not originate from lo0.
-A INPUT -i lo -j ACCEPT
-A INPUT ! -i lo -s 127.0.0.0/8 -j REJECT
# Allow ping.
-A INPUT -p icmp -m state --state NEW --icmp-type 8 -j ACCEPT
# Allow SSH connections.
-A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
# Allow HTTP and HTTPS connections from anywhere
# (the normal ports for web servers).
-A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
# Allow SMTP connections from anywhere
# (port 25, the normal port for mail transfer).
-A INPUT -i eth0 -p tcp --dport 25 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 25 -m state --state ESTABLISHED -j ACCEPT
# Allow imap and pop connections from anywhere
-A INPUT -i eth0 -p tcp --dport 143 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 143 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 110 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 110 -m state --state ESTABLISHED -j ACCEPT
# Allow FTP control connections from anywhere
# (port 21; SFTP runs over SSH on port 22, already allowed above).
-A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
# Allow dns connections from anywhere
-A OUTPUT -p udp -o eth0 --dport 53 -j ACCEPT
-A INPUT -p udp -i eth0 --sport 53 -j ACCEPT
# Prevent DoS attack (rate-limit new HTTP connections).
-A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
# Allow inbound traffic from established connections.
# This includes ICMP error returns.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Log what was incoming but denied (optional but useful).
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables_INPUT_denied: " --log-level 7
# Allow Bridge Traffic.
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# Reject all other inbound.
-A INPUT -j REJECT
# Log any traffic which was sent to you
# for forwarding (optional but useful).
-A FORWARD -m limit --limit 5/min -j LOG --log-prefix "iptables_FORWARD_denied: " --log-level 7
# Reject all traffic forwarding.
-A FORWARD -j REJECT
COMMIT
What I want is to enable connections to my subnets on my bridge.
My network looks like this:
br0 Link encap:Ethernet HWaddr 44:8A:5B:D8:84:8F
inet addr:46.X.XXX.XX Bcast:46.X.XXX.XX Mask:255.XXX.XXX.XXX
inet6 addr: fe80::468a:5bff:fed8:848f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2962 errors:0 dropped:0 overruns:0 frame:0
TX packets:3194 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:324568 (316.9 KiB) TX bytes:268232 (261.9 KiB)
br0:1 Link encap:Ethernet HWaddr 44:8A:5B:D8:84:8F
inet addr:88.1XX.XXX.XXX Bcast:88.1XX.XXX.XXX Mask:255.255.255.XXX
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
eth0 Link encap:Ethernet HWaddr 44:8A:5B:D8:84:8F
inet6 addr: fe80::468a:5bff:fed8:848f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3114 errors:0 dropped:0 overruns:0 frame:0
TX packets:3197 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:377678 (368.8 KiB) TX bytes:268594 (262.2 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:2433 errors:0 dropped:0 overruns:0 frame:0
TX packets:2433 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:126920 (123.9 KiB) TX bytes:126920 (123.9 KiB)
Can someone please help me set up my firewall?
Regards
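An added example (not part of the original post, and not an answer from the thread) that lints a ruleset like the one above against the interface list: on a Linux bridge host, packets to the host's own addresses pass the INPUT hook with br0 as the in-interface, so INPUT/OUTPUT rules bound to the bridge port eth0 cannot match host traffic. The sample ruleset and ifconfig excerpt are constructed from the post with placeholder addresses, and the assumption that eth0 is a port of br0 is drawn from the shared MAC and the missing inet addr on eth0.

```python
"""Lint an iptables-restore ruleset on a KVM bridge host (added example, not the post's code)."""
import re
import shlex
# Constructed excerpt of the posted ruleset, same rules in the same order.
RULES = """
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o eth0 -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A INPUT -j REJECT
"""
# Constructed ifconfig excerpt, placeholder addresses: br0 and lo carry IPv4, eth0 is only a bridge port.
IFCONFIG = """
br0 Link encap:Ethernet HWaddr 44:8A:5B:D8:84:8F
inet addr:203.0.113.10 Bcast:203.0.113.255 Mask:255.255.255.0
eth0 Link encap:Ethernet HWaddr 44:8A:5B:D8:84:8F
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
"""

def addressed_interfaces(ifconfig):
    """Return the names of interfaces that carry an IPv4 address."""
    found, current = set(), None
    for line in ifconfig.splitlines():
        m = re.match(r"^(\S+)\s+Link encap", line)
        if m:
            current = m.group(1)
        elif "inet addr:" in line and current:
            found.add(current)
    return found

def parse_rule(line):
    """Extract chain, interface binding (-i or -o) and target from one -A rule."""
    toks = shlex.split(line)
    pick = lambda flag: toks[toks.index(flag) + 1] if flag in toks else None
    return {"chain": pick("-A"), "iface": pick("-i") or pick("-o"),
            "target": pick("-j"), "raw": line.strip()}

def lint(rules, ifconfig):
    """Flag INPUT/OUTPUT rules bound to an interface that has no IPv4 address."""
    with_ip = addressed_interfaces(ifconfig)
    findings = []
    for line in rules.splitlines():
        if not line.startswith("-A"):
            continue
        r = parse_rule(line)
        if r["chain"] in ("INPUT", "OUTPUT") and r["iface"] and r["iface"] not in with_ip:
            findings.append(f"{r['chain']} rule on {r['iface']} never matches host traffic "
                            f"(addresses live on {sorted(with_ip - {'lo'})}): {r['raw']}")
    return findings
```

Running `lint(RULES, IFCONFIG)` reports the three eth0-bound host rules; the FORWARD physdev rule, which is where bridged VM traffic is actually decided, is left alone.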