#!/bin/bash set -e RULESET="table ip x { chain x { meta pkttype broadcast udp dport { 67, 547 } accept meta pkttype multicast udp dport 1900 drop } chain y { ip saddr 1.1.1.1 ip daddr 2.2.2.2 accept ip saddr 4.4.4.4 ip daddr 5.5.5.5 accept ip saddr 2.2.2.2 ip daddr 3.3.3.3 drop } }" $NFT -o -f - <<< $RULESET