Nft-4
# Stateful IPv4 packet filter for a host that also routes a LAN to an upstream
# network. All three base chains use "policy drop": anything a rule does not
# explicitly accept is discarded.
#
# NOTE(review): the "ip" family only sees IPv4. IPv6 traffic is not matched by
# this table at all; it needs its own ip6 (or an inet) table with an equivalent
# default-deny policy, otherwise it is filtered by whatever else is loaded.
table ip filter {
	# Traffic addressed to the firewall itself.
	chain INPUT {
		type filter hook input priority filter; policy drop;
		# Replies and related flows of connections that are already tracked.
		ct state established,related accept
		# Local loopback traffic.
		iifname "lo" ct state new accept
		# New SSH connections, from any source address and on any interface.
		# NOTE(review): no source or interface restriction and no rate limit;
		# confirm that management access is really meant to be reachable from
		# every attached network.
		tcp dport 22 ct state new accept
		# Allow the firewall to be pinged.
		icmp type echo-request ct state new accept
		# Only packets that no rule above accepted get here. "log" issues no
		# verdict, so the packet is logged and then dropped by the chain policy.
		# NOTE(review): logging is unthrottled; a sender can generate one log
		# line per dropped packet. A "limit rate" statement in front of "log"
		# would bound the volume.
		log prefix "--iptables-drop-in--"
	}
	# Traffic generated by the firewall itself.
	chain OUTPUT {
		type filter hook output priority filter; policy drop;
		ct state established,related accept
		# Every new outbound connection is allowed. Together with the rule
		# above, only packets in another conntrack state (e.g. invalid) reach
		# the log rule and the drop policy, so this chain does not restrict
		# which destinations or services the host may contact.
		ct state new accept
		log prefix "--iptables-drop-out--"
	}
	# Traffic routed through the firewall.
	chain FORWARD {
		type filter hook forward priority filter; policy drop;
		# Return traffic for flows that lan-to-wan accepted earlier.
		ct state established,related accept
		# Each rule below selects a service and hands the packet to lan-to-wan,
		# which decides on interfaces and source network. If lan-to-wan does
		# not accept, evaluation returns here and continues with the next rule.
		icmp type echo-request jump lan-to-wan
		# DNS over TCP and UDP.
		tcp dport 53 jump lan-to-wan
		udp dport 53 jump lan-to-wan
		# SMTP, HTTP, IMAP, HTTPS, SMTPS, IMAPS.
		tcp dport { 25, 80, 143, 443, 465, 993 } jump lan-to-wan
		# Everything else, including any connection attempt arriving on eth0
		# for the LAN, is logged and dropped by the policy.
		log prefix "--iptables-drop-for--"
	}
	# Regular (non-base) chain, reached only through the jumps in FORWARD.
	chain lan-to-wan {
		# Accept a new connection only when it enters on ens19, leaves on eth0
		# and carries a source address from 10.82.243.0/24. Pinning the source
		# network to the ingress interface rejects spoofed sources from other
		# directions.
		# NOTE(review): presumably ens19 is the LAN side and eth0 the WAN side,
		# going by the chain name; verify against the host's interface layout.
		iifname "ens19" oifname "eth0" ip saddr 10.82.243.0/24 ct state new accept
	}
}