OK, I found the source of the problem.
Indeed, it is a problem with the nftables ruleset: ESET injects NAT rules with a higher priority (priority -101).
ESET rules NAT all TCP connections to 127.0.0.1:37687. But these strange connections are forbidden by my rules.
I hope this port is static! => It is not!
I will add a specific rule to accept this (all interfaces, all IPs to 127.0.0.1; it is not beautiful) in the output chain:
ip daddr 127.0.0.1 tcp dport 1024-65535 accept
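
An added example, not part of the original post: a Python sketch that reads `nft -j list ruleset` output, finds DNAT rules to loopback in NAT chains that run ahead of the standard priority -100, and prints the accept rule for the port currently in use. The table and chain names in the sample are hypothetical; only priority -101 and 127.0.0.1:37687 come from the post.

```python
import json

# Constructed sample in the shape of `nft -j list ruleset` output.
# Table and chain names are hypothetical; only priority -101 and
# 127.0.0.1:37687 are taken from the post.
SAMPLE = json.dumps({"nftables": [
    {"metainfo": {"json_schema_version": 1}},
    {"table": {"family": "ip", "name": "example_proxy", "handle": 1}},
    {"chain": {"family": "ip", "table": "example_proxy", "name": "nat_out",
               "handle": 1, "type": "nat", "hook": "output", "prio": -101,
               "policy": "accept"}},
    {"rule": {"family": "ip", "table": "example_proxy", "chain": "nat_out",
              "handle": 2, "expr": [
                  {"match": {"op": "==", "left": {"meta": {"key": "l4proto"}},
                             "right": "tcp"}},
                  {"dnat": {"addr": "127.0.0.1", "port": 37687}}]}},
    {"table": {"family": "inet", "name": "filter", "handle": 2}},
    {"chain": {"family": "inet", "table": "filter", "name": "output",
               "handle": 1, "type": "filter", "hook": "output", "prio": 0,
               "policy": "drop"}},
]})


def loopback_dnat_targets(ruleset_json, max_prio=-100):
    """Return (table, chain, prio, addr, port) for each DNAT to 127.0.0.0/8
    found in a NAT base chain whose priority is below max_prio."""
    items = json.loads(ruleset_json)["nftables"]
    nat_prio = {}  # (family, table, chain name) -> priority of NAT base chains
    for item in items:
        c = item.get("chain")
        if c and c.get("type") == "nat" and isinstance(c.get("prio"), int):
            nat_prio[(c["family"], c["table"], c["name"])] = c["prio"]
    found = []
    for item in items:
        r = item.get("rule") or {}
        prio = nat_prio.get((r.get("family"), r.get("table"), r.get("chain")))
        if prio is None or prio >= max_prio:
            continue  # not a rule, or not in an early NAT chain
        for stmt in r.get("expr", []):
            d = stmt.get("dnat")
            if isinstance(d, dict) and str(d.get("addr", "")).startswith("127."):
                found.append((r["table"], r["chain"], prio, d["addr"], d.get("port")))
    return found


def narrow_accept_rules(targets):
    """One accept rule per discovered target, in the form used in the post."""
    return sorted({f"ip daddr {a} tcp dport {p} accept" for *_, a, p in targets if isinstance(p, int)})
```

Because the port is not static, the generated rule only matches until the port changes, so the script would have to be re-run against the live ruleset each time.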