aca · July 28, 2021 14:14
diff --git a/notsodeep.nft b/notsodeep.nft
 # nft rules for notsodeep services
 # Translated by iptables-restore-translate v1.8.7 on Wed Jul 28 02:23:24 2021

 add table ip raw
 add chain ip raw PREROUTING { type filter hook prerouting priority -300; policy accept; }
 add chain ip raw OUTPUT { type filter hook output priority -300; policy accept; }
 add rule ip raw PREROUTING tcp sport 80 tcp flags & (syn|ack) == syn|ack counter queue num 200 bypass
 add table ip mangle
 add chain ip mangle PREROUTING { type filter hook prerouting priority -150; policy accept; }
 add chain ip mangle INPUT { type filter hook input priority -150; policy accept; }
 add chain ip mangle FORWARD { type filter hook forward priority -150; policy accept; }
 add chain ip mangle OUTPUT { type route hook output priority -150; policy accept; }
 add chain ip mangle POSTROUTING { type filter hook postrouting priority -150; policy accept; }
 add table ip nat
 add chain ip nat PREROUTING { type nat hook prerouting priority -100; policy accept; }
 add chain ip nat INPUT { type nat hook input priority 100; policy accept; }
 add chain ip nat OUTPUT { type nat hook output priority -100; policy accept; }
 add chain ip nat POSTROUTING { type nat hook postrouting priority 100; policy accept; }
 add table ip filter
 add chain ip filter INPUT { type filter hook input priority 0; policy accept; }
 add chain ip filter FORWARD { type filter hook forward priority 0; policy drop; }
 add chain ip filter OUTPUT { type filter hook output priority 0; policy accept; }
 add rule ip filter INPUT tcp sport 443 tcp flags & (syn|ack) == syn|ack counter queue num 200 bypass
	# nft rules for notsodeep services
	# Translated by iptables-restore-translate v1.8.7 on Wed Jul 28 02:23:24 2021

	add table ip raw
	add chain ip raw PREROUTING { type filter hook prerouting priority -300; policy accept; }
	add chain ip raw OUTPUT { type filter hook output priority -300; policy accept; }
	add rule ip raw PREROUTING tcp sport 80 tcp flags & (syn\|ack) == syn\|ack counter queue num 200 bypass
	add table ip mangle
	add chain ip mangle PREROUTING { type filter hook prerouting priority -150; policy accept; }
	add chain ip mangle INPUT { type filter hook input priority -150; policy accept; }
	add chain ip mangle FORWARD { type filter hook forward priority -150; policy accept; }
	add chain ip mangle OUTPUT { type route hook output priority -150; policy accept; }
	add chain ip mangle POSTROUTING { type filter hook postrouting priority -150; policy accept; }
	add table ip nat
	add chain ip nat PREROUTING { type nat hook prerouting priority -100; policy accept; }
	add chain ip nat INPUT { type nat hook input priority 100; policy accept; }
	add chain ip nat OUTPUT { type nat hook output priority -100; policy accept; }
	add chain ip nat POSTROUTING { type nat hook postrouting priority 100; policy accept; }
	add table ip filter
	add chain ip filter INPUT { type filter hook input priority 0; policy accept; }
	add chain ip filter FORWARD { type filter hook forward priority 0; policy drop; }
	add chain ip filter OUTPUT { type filter hook output priority 0; policy accept; }
	add rule ip filter INPUT tcp sport 443 tcp flags & (syn\|ack) == syn\|ack counter queue num 200 bypass