{
  "nftables": [
    {
      "metainfo": {
        "version": "VERSION",
        "release_name": "RELEASE_NAME",
        "json_schema_version": 1
      }
    },
    {
      "table": {
        "family": "inet",
        "name": "filter",
        "handle": 0
      }
    },
    {
      "chain": {
        "family": "inet",
        "table": "filter",
        "name": "forward",
        "handle": 0,
        "type": "filter",
        "hook": "forward",
        "prio": 0,
        "policy": "drop"
      }
    },
    {
      "set": {
        "family": "inet",
        "name": "myset",
        "table": "filter",
        "type": [
          "ipv4_addr",
          "inet_proto",
          "inet_service"
        ],
        "handle": 0,
        "elem": [
          {
            "concat": [
              "192.168.0.113",
              "tcp",
              22
            ]
          },
          {
            "concat": [
              "192.168.0.12",
              "tcp",
              53
            ]
          },
          {
            "concat": [
              "192.168.0.12",
              "udp",
              53
            ]
          },
          {
            "concat": [
              "192.168.0.12",
              "tcp",
              80
            ]
          },
          {
            "concat": [
              "192.168.0.13",
              "tcp",
              80
            ]
          }
        ]
      }
    },
    {
      "rule": {
        "family": "inet",
        "table": "filter",
        "chain": "forward",
        "handle": 0,
        "expr": [
          {
            "match": {
              "op": "in",
              "left": {
                "ct": {
                  "key": "state"
                }
              },
              "right": [
                "established",
                "related"
              ]
            }
          },
          {
            "accept": null
          }
        ]
      }
    },
    {
      "rule": {
        "family": "inet",
        "table": "filter",
        "chain": "forward",
        "handle": 0,
        "expr": [
          {
            "match": {
              "op": "in",
              "left": {
                "ct": {
                  "key": "state"
                }
              },
              "right": "new"
            }
          },
          {
            "match": {
              "op": "==",
              "left": {
                "concat": [
                  {
                    "payload": {
                      "protocol": "ip",
                      "field": "daddr"
                    }
                  },
                  {
                    "payload": {
                      "protocol": "ip",
                      "field": "protocol"
                    }
                  },
                  {
                    "payload": {
                      "protocol": "th",
                      "field": "dport"
                    }
                  }
                ]
              },
              "right": "@myset"
            }
          },
          {
            "accept": null
          }
        ]
      }
    }
  ]
}