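# Load with: nft -f /root/xray/nft.txt
#
# Purpose: restrict inbound TCP 80, 8080 and 443 on this host to a single
# IPv4 source range; every other source is dropped on those ports.
#
# NOTE(review): "flush ruleset" removes every table currently loaded, not only
# the one defined here. Confirm no other software on the host depends on its
# own nftables rules before loading this file.
flush ruleset

table inet filter {
    chain input {
        # The policy is written out so the default is visible: anything not
        # matched below (all other ports, and UDP on these ports) is accepted.
        # This chain is an allow-list for the three web ports only, not a
        # default-deny host firewall.
        type filter hook input priority 0; policy accept;

        # Allow the permitted range to reach local TCP 80, 8080 and 443.
        # Earlier form, kept for reference; it allowed only 8080, and the /23
        # below covers the same two /24 networks:
        # ip saddr { 103.143.92.0/24, 103.143.93.0/24 } tcp dport 8080 accept
        ip saddr { 103.143.92.0/23 } tcp dport { 80, 8080, 443 } accept

        # Drop all remaining traffic to local TCP 80, 8080 and 443.
        # "ip saddr" matches IPv4 only, so in this inet table every IPv6
        # connection to these ports ends up here and is dropped.
        # NOTE(review): loopback connections to these ports (source 127.0.0.1)
        # are outside the allowed range and are dropped too — confirm no local
        # service or health check needs them.
        tcp dport { 80, 8080, 443 } drop
    }
}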