How do I route Internet Sharing into an UTM virtual machine in a simpler way?

I want a Mac to act as a Wi-Fi access point, but route the traffic not directly to the upstream internet connection, but into an UTM virtual machine. Method I currently use works, but requires circuitous setup with multiple moving parts: * For "internet sharing", special new interface was created using "System settings" -> "Network" -> "Manage Virtual Interfaces..." -> Add bridge. * A pair of virtual interfaces was created (ifconfig feth0 create; ifconfig feth1 create; ifconfig feth0 peer feth1; ifconfig feth0 up; ifconfig feth1 up). * First of the virtual interfaces was added to the manually created bridge (ifconfig bridge1 addm feth0). * In UTM virtual machine settings, additional bridged network interface was added. But UI only shows en0 and en6 as possible variants (not feth1 I need), so I needed to remove it and re-add using raw QEMU arguments: -netdev vmnet-bridged,id=net1,ifname=feth1 -device virtio-net-pci.... This results in another bridge being created when the VM starts. The scheme works as intended, but I feel that it can be optimised/simplified somewhat. Specifically: * How do I avoid needing to create two bridges instead of just one (or maybe zero)? Maybe there are other useful QEMU modes that allows one to attach existing bridge? * How do I avoid a double NAT and double DHCP servers (one inside the VM, one made by Mac's Internet sharing)? * Can I somehow turn on Internet Sharing with partial components (I want Mac to manage the Wi-Fi part, but not the DHCP / routing / address translation)? What are ways to activate the access point mode besides the official "System Settings" -> "Internet sharing"?