dotp/src/rules.nft

table inet dotp {
    map nat_map {
        type ipv4_addr : ipv4_addr
    }

    map nat_map6 {
        type ipv6_addr : ipv6_addr
    }

    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        dnat ip to ip daddr map @nat_map
        dnat ip6 to ip6 daddr map @nat_map6
    }

    set nat_addr {
        type ipv4_addr
    }

    set nat_addr6 {
        type ipv6_addr
    }

    chain proxy {
        meta mark set 1
        meta l4proto tcp counter tproxy ip to 127.0.0.1:2040 accept
        meta l4proto udp counter tproxy ip to 127.0.0.1:2040 accept
        meta l4proto tcp counter tproxy ip6 to [::1]:2040 accept
        meta l4proto udp counter tproxy ip6 to [::1]:2040 accept
    }

    chain proxy_dst_check {
        type filter hook prerouting priority dstnat + 1; policy accept;
        ip daddr @nat_addr goto proxy
        ip6 daddr @nat_addr6 goto proxy
    }
}