#! nft -f

add table ip filter
add chain ip filter output { type filter hook output priority 0 ; }

# meta: skb len
add rule ip filter output meta length 1000 counter

# meta: skb protocol
add rule ip filter output meta protocol 0x0800 counter

# meta: skb mark
add rule ip filter output meta mark 0 counter

# meta: skb iif
add rule ip filter output meta iif lo counter

# meta: skb iifname
add rule ip filter output meta iifname "eth0" counter

# meta: skb oif
add rule ip filter output meta oif lo counter

# meta: skb oifname
add rule ip filter output meta oifname "eth0" counter

# meta: skb sk uid
add rule ip filter output meta skuid 1000 counter

# meta: skb sk gid
add rule ip filter output meta skgid 1000 counter

# meta: nftrace
add rule ip filter output meta nftrace 1 counter

# meta: rtclassid (see /etc/iproute2/rt_realms)
add rule ip filter output meta rtclassid cosmos counter

# meta: secmark
add rule ip filter output meta secmark 0 counter
