#!/bin/bash

set -e

RULESET="table ip x {
	set s {
		type ipv4_addr
		flags dynamic
	}
	chain filter_in_tcp {
	}
	chain filter_in_udp {
	}
	chain y {
	        update @s { ip saddr limit rate 12/minute burst 30 packets } accept
		tcp dport vmap {
			80 : accept,
			81 : accept,
			443 : accept,
		}
		tcp dport vmap {
			8000-8100 : accept,
			24000-25000 : accept,
		}
		meta l4proto tcp goto filter_in_tcp
		meta l4proto udp goto filter_in_udp
		log
	}
}"

$NFT -o -f - <<< $RULESET