#!/bin/bash

set -e

RULESET="table ip x {
	chain y {
		ct state invalid drop
		ct state established,related accept
	}
	chain z {
		tcp dport { 1 } accept
		tcp dport 2-3 drop
		tcp dport 4 accept
	}
}"

$NFT -o -f - <<< $RULESET