flush ruleset

table inet filter {
    set blocklist {
        type ipv4_addr
        flags interval
    }

    chain input {
        type filter hook input priority filter; policy drop;
        iif "lo" accept
        ip saddr @blocklist drop
        tcp dport { 22, 25, 70, 79, 1900, 1915, 1920, 1925, 8080 } accept
        ct state { established, related } accept
        drop
    }
}