{
  "nftables": [
    {
      "metainfo": {
        "version": "1.0.9",
        "release_name": "Old Doc Yak #3",
        "json_schema_version": 1
      }
    },
    {
      "table": {
        "family": "ip",
        "name": "filter",
        "handle": 1
      }
    },
    {
      "chain": {
        "family": "ip",
        "table": "filter",
        "name": "output",
        "handle": 1,
        "type": "filter",
        "hook": "output",
        "prio": 100,
        "policy": "accept"
      }
    },
    {
      "chain": {
        "family": "ip",
        "table": "filter",
        "name": "input",
        "handle": 2,
        "type": "filter",
        "hook": "input",
        "prio": 0,
        "policy": "accept"
      }
    },
    {
      "chain": {
        "family": "ip",
        "table": "filter",
        "name": "forward",
        "handle": 3,
        "type": "filter",
        "hook": "forward",
        "prio": 0,
        "policy": "drop"
      }
    },
    {
      "rule": {
        "family": "ip",
        "table": "filter",
        "chain": "input",
        "handle": 4,
        "expr": [
          {
            "match": {
              "op": "==",
              "left": {
                "meta": {
                  "key": "iifname"
                }
              },
              "right": "lan0"
            }
          },
          {
            "accept": null
          }
        ]
      }
    },
    {
      "rule": {
        "family": "ip",
        "table": "filter",
        "chain": "input",
        "handle": 5,
        "expr": [
          {
            "match": {
              "op": "==",
              "left": {
                "meta": {
                  "key": "iifname"
                }
              },
              "right": "wan0"
            }
          },
          {
            "drop": null
          }
        ]
      }
    },
    {
      "rule": {
        "family": "ip",
        "table": "filter",
        "chain": "forward",
        "handle": 6,
        "expr": [
          {
            "match": {
              "op": "==",
              "left": {
                "meta": {
                  "key": "iifname"
                }
              },
              "right": "lan0"
            }
          },
          {
            "match": {
              "op": "==",
              "left": {
                "meta": {
                  "key": "oifname"
                }
              },
              "right": "wan0"
            }
          },
          {
            "accept": null
          }
        ]
      }
    },
    {
      "rule": {
        "family": "ip",
        "table": "filter",
        "chain": "forward",
        "handle": 7,
        "expr": [
          {
            "match": {
              "op": "==",
              "left": {
                "meta": {
                  "key": "iifname"
                }
              },
              "right": "wan0"
            }
          },
          {
            "match": {
              "op": "==",
              "left": {
                "meta": {
                  "key": "oifname"
                }
              },
              "right": "lan0"
            }
          },
          {
            "match": {
              "op": "in",
              "left": {
                "ct": {
                  "key": "state"
                }
              },
              "right": [
                "established",
                "related"
              ]
            }
          },
          {
            "accept": null
          }
        ]
      }
    }
  ]
}