# Listing of the "zapret" table, restored to one statement per line.
# Summary of what the rules below do:
#   * queue the first packets of selected outbound flows (and the first reply
#     packets of inbound web flows) to userspace NFQUEUE handlers;
#   * exempt handler-generated packets from connection tracking; the rule
#     comments name the handler as nfqws;
#   * block non-loopback access to 127.0.0.0/8 except 127.0.0.127, which the
#     rule comment says is used by tpws.
# The only drop verdict in the table is in localnet_protect; every base chain
# has policy accept.
# NOTE(review): the family is inet, but every address match is `ip` (IPv4) and
# wanif6 is empty, so no IPv6 flow is queued by this listing.
table inet zapret {
	# Declared but empty, and not referenced by any rule in this listing.
	set zapret {
		type ipv4_addr
		size 522288
		flags interval
		auto-merge
	}

	# Declared but empty, and not referenced by any rule in this listing.
	set ipban {
		type ipv4_addr
		size 522288
		flags interval
		auto-merge
	}

	# Exclusion list: every queue rule requires the remote address to be
	# outside this set. It holds the RFC 1918 ranges plus IPv4 link-local.
	# NOTE(review): other non-public ranges (for example 100.64.0.0/10) are
	# not listed; confirm whether the upstream network uses any of them.
	set nozapret {
		type ipv4_addr
		size 65536
		flags interval
		auto-merge
		elements = { 10.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.168.0.0/16 }
	}

	# Empty and unreferenced in this listing.
	set lanif {
		type ifname
	}

	# Interface(s) treated as WAN by the oifname/iifname matches below.
	set wanif {
		type ifname
		elements = { "eth4.10" }
	}

	# Empty and unreferenced in this listing.
	set wanif6 {
		type ifname
	}

	# Empty and unreferenced in this listing.
	map link_local {
		type ifname : ipv6_addr
	}

	# Static destination list, used only by the udp dport 50000-50099 rules.
	# NOTE(review): a hard-coded list like this goes stale as the service moves.
	# Many entries look like shared cloud/CDN address space, so unrelated hosts
	# on these addresses would match the same rules. Confirm how and how often
	# the list is regenerated.
	set discord {
		type ipv4_addr
		size 4096
		flags interval
		auto-merge
		elements = { 5.200.14.249, 18.165.140.0/25, 23.227.38.74, 34.0.48.0/24, 34.0.49.64/26, 34.0.50.0/25, 34.0.51.0-34.0.57.255, 34.0.59.0-34.0.60.255, 34.0.62.128/25, 34.0.63.228, 34.0.64.0/23, 34.0.66.130, 34.0.82.140, 34.0.129.128-34.0.130.255, 34.0.131.130, 34.0.132.139, 34.0.133.75, 34.0.134.0/24, 34.0.135.251, 34.0.136.51, 34.0.137.0/24, 34.0.139.0-34.0.142.127, 34.0.144.0-34.0.146.255, 34.0.148.25, 34.0.149.101, 34.0.151.0/25, 34.0.153.0/24, 34.0.155.0/24, 34.0.156.101, 34.0.157.0/25, 34.0.158.247, 34.0.159.188, 34.0.192.0/25, 34.0.193.0-34.0.194.255, 34.0.195.172, 34.0.196.200/29, 34.0.197.81, 34.0.198.25, 34.0.199.0-34.0.200.255, 34.0.201.81, 34.0.202.34, 34.0.203.0-34.0.206.127, 34.0.207.0/25, 34.0.208.195, 34.0.209.0/24, 34.0.210.20, 34.0.211.0/26, 34.0.212.0/24, 34.0.213.64/26, 34.0.215.128/25, 34.0.216.238, 34.0.217.0/24, 34.0.218.83, 34.0.220.103, 34.0.221.0/24, 34.0.222.193, 34.0.223.68, 34.0.227.0/24, 34.0.240.0-34.0.251.127, 34.1.216.0/24, 34.1.221.166, 35.207.64.0/23, 35.207.67.116, 35.207.71.0/24, 35.207.72.32, 35.207.73.0-35.207.74.255, 35.207.75.128/25, 35.207.76.128/26, 35.207.77.0/24, 35.207.78.129, 35.207.79.0/24, 35.207.80.76, 35.207.81.248/30, 35.207.82.0-35.207.84.255, 35.207.85.160, 35.207.86.41, 35.207.87.184, 35.207.89.188, 35.207.91.146, 35.207.92.230, 35.207.95.0/24, 35.207.97.174, 35.207.99.134, 35.207.100.64/26, 35.207.101.130, 35.207.103.64/26, 35.207.104.0/24, 35.207.106.128/26, 35.207.107.19, 35.207.108.192/27, 35.207.109.185,
			     35.207.110.0/24, 35.207.111.174, 35.207.114.16, 35.207.115.163, 35.207.116.51, 35.207.117.0/24, 35.207.121.204, 35.207.122.0/25, 35.207.124.145, 35.207.125.116, 35.207.126.30, 35.207.129.0/24, 35.207.131.128/27, 35.207.132.247, 35.207.135.147, 35.207.136.69, 35.207.137.0/24, 35.207.139.0/24, 35.207.140.241, 35.207.141.119, 35.207.142.0/24, 35.207.143.96/27, 35.207.144.0/25, 35.207.145.0/24, 35.207.146.89, 35.207.147.0/24, 35.207.149.0-35.207.150.255, 35.207.151.61, 35.207.153.117, 35.207.154.0/24, 35.207.155.128/25, 35.207.156.254, 35.207.157.7, 35.207.158.192, 35.207.160.160, 35.207.162.239, 35.207.163.0-35.207.164.127, 35.207.165.147, 35.207.166.0/25, 35.207.167.0/24, 35.207.168.116, 35.207.170.0-35.207.172.255, 35.207.174.55, 35.207.176.128/25, 35.207.178.0/24, 35.207.180.152, 35.207.181.76, 35.207.182.125, 35.207.184.101, 35.207.185.192, 35.207.186.128/25, 35.207.187.228, 35.207.188.0-35.207.189.127, 35.207.190.194, 35.207.191.64/26, 35.207.193.165, 35.207.195.75, 35.207.196.0/24, 35.207.198.0/23, 35.207.201.186, 35.207.202.169, 35.207.205.211, 35.207.207.4, 35.207.209.0/25, 35.207.210.191, 35.207.211.253, 35.207.213.97, 35.207.214.0/24, 35.207.220.147, 35.207.221.58, 35.207.222.105, 35.207.224.151, 35.207.225.210, 35.207.227.0/24, 35.207.229.212, 35.207.232.26, 35.207.234.182, 35.207.238.0/24, 35.207.240.0/24, 35.207.245.0/24, 35.207.249.0/24, 35.207.250.212, 35.207.251.0/27, 35.212.4.134, 35.212.12.148, 35.212.88.11, 35.212.102.50, 35.212.111.0/26, 35.212.117.247, 35.212.120.122, 35.213.0.0/24, 35.213.2.8, 35.213.4.185, 35.213.6.118, 35.213.7.128/25, 35.213.8.168, 35.213.10.0/24, 35.213.11.21, 35.213.12.224/27, 35.213.13.19, 35.213.14.217, 35.213.16.67, 35.213.17.235, 35.213.23.166, 35.213.25.164, 35.213.26.62, 35.213.27.252, 35.213.32.0/24, 35.213.33.74, 35.213.34.204, 35.213.37.81, 35.213.38.186, 35.213.39.253, 35.213.42.0/24, 35.213.43.79, 35.213.45.0/24, 35.213.46.136, 35.213.49.17, 35.213.50.0/24, 35.213.51.213, 35.213.52.0/25, 35.213.53.0-35.213.54.255,
			     35.213.56.0/25, 35.213.59.0/24, 35.213.61.58, 35.213.65.0/24, 35.213.67.0/24, 35.213.68.192/26, 35.213.70.151, 35.213.72.128/25, 35.213.73.245, 35.213.74.131, 35.213.78.0/24, 35.213.79.137, 35.213.80.0/25, 35.213.83.128/25, 35.213.84.245, 35.213.85.0/24, 35.213.88.145, 35.213.89.80/28, 35.213.90.0/24, 35.213.91.195, 35.213.92.0/24, 35.213.93.254, 35.213.94.78, 35.213.95.145, 35.213.96.87, 35.213.98.0/24, 35.213.99.126, 35.213.101.214, 35.213.102.0/24, 35.213.105.0/24, 35.213.106.128/25, 35.213.107.158, 35.213.109.0/24, 35.213.110.40, 35.213.111.0/25, 35.213.115.0/25, 35.213.120.0/24, 35.213.122.0/24, 35.213.124.89, 35.213.125.40, 35.213.126.185, 35.213.127.0-35.213.133.255, 35.213.134.140, 35.213.135.0-35.213.137.255, 35.213.138.128-35.213.140.127, 35.213.141.164, 35.213.142.128-35.213.150.255, 35.213.152.0/23, 35.213.154.137, 35.213.155.134, 35.213.156.144, 35.213.157.0/24, 35.213.158.64/26, 35.213.160.90, 35.213.161.253, 35.213.162.0/25, 35.213.163.0-35.213.165.255, 35.213.166.106, 35.213.167.160/27, 35.213.168.0/24, 35.213.169.179, 35.213.170.0/24, 35.213.171.201, 35.213.172.159, 35.213.173.0/24, 35.213.174.128/25, 35.213.175.128/26, 35.213.176.0-35.213.177.127, 35.213.179.139, 35.213.180.0-35.213.181.127, 35.213.182.0-35.213.185.255, 35.213.186.70, 35.213.187.0/24, 35.213.188.128/25, 35.213.190.158, 35.213.191.0/24, 35.213.192.240/31, 35.213.193.74, 35.213.194.0/25, 35.213.195.178, 35.213.196.38, 35.213.197.68, 35.213.198.0-35.213.202.127, 35.213.203.195, 35.213.204.32/27, 35.213.205.170, 35.213.207.128/25, 35.213.208.85, 35.213.210.0/24, 35.213.211.176/29, 35.213.212.0/24, 35.213.213.225, 35.213.214.0/25, 35.213.215.255, 35.213.217.0/24, 35.213.218.248, 35.213.219.0/25, 35.213.220.211, 35.213.221.0/24, 35.213.222.215, 35.213.223.0/24, 35.213.225.0/24, 35.213.227.227, 35.213.229.17, 35.213.230.89, 35.213.231.0/24, 35.213.233.0/24, 35.213.234.134, 35.213.236.0/24, 35.213.237.212, 35.213.238.0/24, 35.213.240.212, 35.213.241.0/24, 35.213.242.10, 35.213.243.219,
			     35.213.244.146, 35.213.245.119, 35.213.246.0/23, 35.213.249.79, 35.213.250.0/24, 35.213.251.74, 35.213.252.0/24, 35.213.253.155, 35.213.254.89, 35.214.128.248, 35.214.129.220, 35.214.130.217, 35.214.131.144, 35.214.132.189, 35.214.133.0/24, 35.214.134.163, 35.214.137.0-35.214.138.127, 35.214.140.0/24, 35.214.142.0/24, 35.214.143.41, 35.214.144.26, 35.214.145.200, 35.214.146.9, 35.214.147.135, 35.214.148.89, 35.214.149.110, 35.214.151.128-35.214.152.255, 35.214.156.115, 35.214.158.181, 35.214.159.128/25, 35.214.160.128/25, 35.214.161.217, 35.214.162.0/24, 35.214.163.28, 35.214.165.102, 35.214.167.77, 35.214.169.0/24, 35.214.170.2, 35.214.171.0/25, 35.214.172.128-35.214.173.255, 35.214.175.0/24, 35.214.177.183, 35.214.179.46, 35.214.180.0/23, 35.214.184.179, 35.214.185.28, 35.214.186.3, 35.214.187.0/24, 35.214.191.0/24, 35.214.192.128-35.214.193.255, 35.214.194.128-35.214.195.127, 35.214.196.64/26, 35.214.197.0/24, 35.214.198.7, 35.214.199.224, 35.214.201.0/25, 35.214.203.155, 35.214.204.0/23, 35.214.207.0/24, 35.214.208.128/25, 35.214.209.64, 35.214.210.0/24, 35.214.211.3, 35.214.212.64/26, 35.214.213.0/25, 35.214.214.0/24, 35.214.215.64/26, 35.214.216.0/23, 35.214.218.140, 35.214.219.0/24, 35.214.220.149, 35.214.221.0/24, 35.214.222.149, 35.214.223.0/24, 35.214.224.71, 35.214.225.0-35.214.229.255, 35.214.231.187, 35.214.233.8, 35.214.235.38, 35.214.237.0-35.214.238.127, 35.214.239.0/24, 35.214.240.87, 35.214.241.0/24, 35.214.243.21, 35.214.244.0/24, 35.214.245.16/28, 35.214.246.106, 35.214.248.119, 35.214.249.154, 35.214.250.0/24, 35.214.251.128/25, 35.214.252.187, 35.214.253.0/24, 35.214.255.154, 35.215.72.85, 35.215.73.65, 35.215.83.0, 35.215.108.111, 35.215.115.120, 35.215.126.35, 35.215.127.34, 35.215.128.0-35.215.136.63, 35.215.137.0-35.215.140.255, 35.215.141.64/27, 35.215.142.0/24, 35.215.143.83, 35.215.144.128-35.215.146.255, 35.215.147.86, 35.215.148.0-35.215.150.63, 35.215.151.0-35.215.152.255, 35.215.153.128/25, 35.215.154.240/28, 35.215.155.20,
			     35.215.156.0/24, 35.215.158.0/23, 35.215.160.192-35.215.161.255, 35.215.163.0-35.215.164.255, 35.215.165.236, 35.215.166.128/25, 35.215.167.128-35.215.168.255, 35.215.169.12, 35.215.170.0-35.215.176.255, 35.215.177.72, 35.215.178.0/24, 35.215.179.161, 35.215.180.0/22, 35.215.184.253, 35.215.185.64/26, 35.215.186.0/25, 35.215.187.0-35.215.190.255, 35.215.191.61, 35.215.192.0/23, 35.215.194.192/28, 35.215.195.0-35.215.196.127, 35.215.197.0/25, 35.215.198.230, 35.215.199.204, 35.215.200.0-35.215.203.127, 35.215.204.128-35.215.205.127, 35.215.206.0-35.215.209.127, 35.215.210.0-35.215.219.255, 35.215.221.0/24, 35.215.222.128/25, 35.215.223.126, 35.215.224.0-35.215.227.127, 35.215.228.0/24, 35.215.229.64, 35.215.230.89, 35.215.231.0-35.215.233.127, 35.215.234.37, 35.215.235.0/24, 35.215.238.0/25, 35.215.239.119, 35.215.240.0/24, 35.215.241.128-35.215.242.127, 35.215.243.0-35.215.245.255, 35.215.246.222, 35.215.247.0-35.215.252.255, 35.215.253.118, 35.215.254.0/23, 35.217.0.0/24, 35.217.1.64/26, 35.217.2.5, 35.217.3.0/24, 35.217.4.72, 35.217.5.0/25, 35.217.6.0/24, 35.217.8.0/25, 35.217.9.0/24, 35.217.11.186, 35.217.12.0/24, 35.217.14.192/26, 35.217.15.65, 35.217.16.75, 35.217.17.128-35.217.18.255, 35.217.19.183, 35.217.20.0/24, 35.217.21.128/25, 35.217.22.128/25, 35.217.23.128-35.217.24.255, 35.217.25.81, 35.217.26.0/24, 35.217.27.128/25, 35.217.28.128-35.217.30.127, 35.217.31.0/25, 35.217.32.128-35.217.33.255, 35.217.35.128-35.217.37.255, 35.217.38.179, 35.217.39.186, 35.217.40.176, 35.217.41.204, 35.217.43.0/24, 35.217.45.248, 35.217.46.0/24, 35.217.47.128/25, 35.217.48.195, 35.217.49.160/27, 35.217.50.0/25, 35.217.51.0/24, 35.217.52.117, 35.217.53.128-35.217.54.127, 35.217.55.96/27, 35.217.56.6, 35.217.57.184, 35.217.58.0/24, 35.217.59.64/26, 35.217.60.0/24, 35.217.61.128-35.217.62.255, 35.217.63.128/25, 35.219.225.149, 35.219.226.57, 35.219.227.0/24, 35.219.228.37, 35.219.229.128-35.219.231.255, 35.219.235.0/24, 35.219.236.198, 35.219.238.115, 35.219.239.0/24,
			     35.219.241.0/24, 35.219.242.221, 35.219.243.191, 35.219.244.1, 35.219.245.0/24, 35.219.246.159, 35.219.247.0/26, 35.219.248.0/24, 35.219.249.126, 35.219.251.186, 35.219.252.0-35.219.254.255, 64.233.161.207, 64.233.162.207, 64.233.163.207, 64.233.164.207, 64.233.165.207, 66.22.196.0/26, 66.22.197.0-66.22.198.63, 66.22.199.0-66.22.200.63, 66.22.202.0/26, 66.22.204.0/24, 66.22.206.0/24, 66.22.208.0/25, 66.22.210.0/26, 66.22.212.0/24, 66.22.214.0/24, 66.22.216.0/23, 66.22.220.0/25, 66.22.221.0-66.22.224.127, 66.22.225.0/26, 66.22.226.0/25, 66.22.227.0/25, 66.22.228.0/22, 66.22.233.0-66.22.234.255, 66.22.236.0-66.22.238.255, 66.22.240.0-66.22.245.255, 66.22.248.0/24, 74.125.131.207, 74.125.205.207, 104.17.51.93, 104.17.117.93, 104.18.4.161, 104.18.5.161, 104.18.8.105, 104.18.9.105, 104.18.30.128, 104.18.31.128, 104.21.2.204, 104.21.25.51, 104.21.40.151, 104.21.59.128, 104.21.72.221, 104.21.82.160, 108.177.14.207, 138.128.140.240/28, 142.250.150.207, 142.251.1.207, 162.159.128.232/30, 162.159.129.232/30, 162.159.130.232/30, 162.159.133.232/30, 162.159.134.232/30, 162.159.135.232/30, 162.159.136.232/30, 162.159.137.232/30, 162.159.138.232/30, 172.65.202.19, 172.66.41.34, 172.66.42.222, 172.67.152.224/28, 172.67.155.163, 172.67.159.89, 172.67.177.131, 172.67.222.182, 173.194.73.207, 173.194.220.207, 173.194.221.207, 173.194.222.207, 188.114.96.2, 188.114.97.2, 188.114.98.224, 188.114.99.224, 204.11.56.48, 209.85.233.207 }
	}

	# Base chain with no rules in this listing; accepts everything.
	chain dnat_output {
		type nat hook output priority dstnat - 1; policy accept;
	}

	# Base chain with no rules in this listing; accepts everything.
	chain dnat_pre {
		type nat hook prerouting priority dstnat - 1; policy accept;
	}

	# Base chain with no rules in this listing; accepts everything.
	chain forward {
		type filter hook forward priority filter - 1; policy accept;
	}

	# Packets arriving on any interface other than "lo" pass through the
	# loopback-range guard; everything else is accepted.
	# An accept here does not stop other tables from dropping the packet.
	chain input {
		type filter hook input priority filter - 1; policy accept;
		iif != "lo" jump localnet_protect
	}

	# Regular chain (no hook), and no chain in this listing jumps to it.
	# Its matches mirror the postnat queue rules and only `return`; no
	# `flow add` statement is present here.
	# NOTE(review): presumably this is a placeholder for when flow offloading
	# is enabled; confirm. As listed, the chain has no effect.
	chain flow_offload {
		tcp dport { 80, 443 } ct original packets 1-9 ip daddr != @nozapret return comment "direct flow offloading exemption"
		udp dport 443 ct original packets 1-9 ip daddr != @nozapret return comment "direct flow offloading exemption"
		udp dport 50000-50099 ct original packets 1-3 ip daddr @discord ip daddr != @nozapret return comment "direct flow offloading exemption"
	}

	# Reached only for packets that did not arrive on "lo" (see chain input).
	# With route_localnet enabled (named in the rule comments), such packets
	# may carry a 127.0.0.0/8 destination, so this chain is what keeps remote
	# hosts away from loopback-bound services.
	# Rule order matters: the single-address allow must precede the /8 drop.
	# NOTE(review): the allow rule has no port or protocol match, so every
	# service bound to 127.0.0.127 is reachable from non-loopback interfaces
	# as far as this chain is concerned. Keep only the intended listener on
	# that address, or narrow the match.
	chain localnet_protect {
		ip daddr 127.0.0.127 return comment "route_localnet allow access to tpws"
		ip daddr 127.0.0.0/8 drop comment "route_localnet remote access protection"
	}

	# Empty regular chain; postrouting_hook jumps here.
	chain postrouting {
	}

	# Runs just before source NAT. Packets with mark bit 0x40000000 set skip
	# the jump. The predefrag rule comment ties that bit to packets generated
	# by nfqws.
	chain postrouting_hook {
		type filter hook postrouting priority srcnat - 1; policy accept;
		meta mark & 0x40000000 == 0x00000000 jump postrouting
	}

	# Outbound interception, entered from postnat_hook (after source NAT).
	# Each rule matches only the first packets in the original direction of a
	# conntrack entry (1-3 or 1-9) leaving via a @wanif interface to an address
	# outside @nozapret. It sets mark bit 0x20000000 and queues the packet to
	# NFQUEUE 65400 (UDP 50000-50099 to @discord) or 200 (UDP 443, TCP 80/443).
	# `flags bypass` makes the rule fail open: with no program bound to the
	# queue it behaves like accept, so traffic leaves unmodified rather than
	# being dropped. A stopped handler is therefore silent on the wire; monitor
	# the handler process itself.
	# The handler on each queue sees and may rewrite the queued packets, so it
	# is part of the trusted path for this traffic.
	chain postnat {
		oifname @wanif udp dport 50000-50099 ct original packets 1-3 ip daddr @discord ip daddr != @nozapret meta mark set meta mark | 0x20000000 queue flags bypass to 65400
		oifname @wanif udp dport 443 ct original packets 1-9 ip daddr != @nozapret meta mark set meta mark | 0x20000000 queue flags bypass to 200
		oifname @wanif tcp dport { 80, 443 } ct original packets 1-9 ip daddr != @nozapret meta mark set meta mark | 0x20000000 queue flags bypass to 200
	}

	# Runs just after source NAT. Packets carrying mark bit 0x40000000 are not
	# sent to postnat.
	# NOTE(review): presumably this keeps handler-generated packets from being
	# queued again; confirm.
	chain postnat_hook {
		type filter hook postrouting priority srcnat + 1; policy accept;
		meta mark & 0x40000000 == 0x00000000 jump postnat
	}

	# Base chain with no rules in this listing; accepts everything.
	chain prerouting {
		type filter hook prerouting priority dstnat + 1; policy accept;
	}

	# Inbound interception: the first three reply-direction packets of TCP
	# flows from source port 80/443, arriving on a @wanif interface from an
	# address outside @nozapret, are queued to NFQUEUE 200.
	# Fail-open via `flags bypass`, as in postnat.
	chain prenat {
		type filter hook prerouting priority dstnat - 1; policy accept;
		iifname @wanif tcp sport { 80, 443 } ct reply packets 1-3 ip saddr != @nozapret queue flags bypass to 200
	}

	# Output hook at priority -401, just ahead of conntrack defragmentation
	# at -400. Only locally generated packets with mark bit 0x40000000 set go
	# on to predefrag_nfqws.
	chain predefrag {
		type filter hook output priority -401; policy accept;
		meta mark & 0x40000000 != 0x00000000 jump predefrag_nfqws comment "nfqws generated : avoid drop by INVALID conntrack state"
	}

	# Disables connection tracking for marked packets that (a) also carry
	# 0x20000000, (b) are IPv4 fragments, (c) have an IPv6 fragment header, or
	# (d) are TCP segments with none of SYN, RST or ACK set.
	# Untracked packets are invisible to `ct state` rules and to NAT in every
	# table, so stateful filtering elsewhere on the host does not cover them.
	# The only gate is the 0x40000000 mark bit: any local process able to set
	# that mark on its traffic gets the same exemption. Restrict that ability
	# to the handler (setting a socket mark normally needs CAP_NET_ADMIN).
	chain predefrag_nfqws {
		meta mark & 0x20000000 != 0x00000000 notrack comment "postnat traffic"
		ip frag-off != 0x0 notrack comment "ipfrag"
		exthdr frag exists notrack comment "ipfrag"
		tcp flags ! syn,rst,ack notrack comment "datanoack"
	}
}