include "/etc/nftables/private.nft"

table ip nat {
	chain proxy {
		ip daddr $private_list accept
		meta skuid clash accept
		ip protocol tcp redirect to :8889
	}

	chain output {
		type nat hook output priority filter; policy accept;
		goto proxy
	}

	chain prerouting {
		type nat hook prerouting priority dstnat; policy accept;
		goto proxy
	}
}

table ip mangle {
	chain filter {
		ip daddr $private_list accept
		meta skuid clash accept
		return
	}

	chain output {
		type route hook output priority mangle; policy accept;
		jump filter
		ip protocol udp mark set 0x233
	}

	chain prerouting {
		type filter hook prerouting priority mangle; policy accept;
		jump filter
		ip protocol udp tproxy to 127.0.0.1:8889
	}
}