set tpws_exclude4 {
	type ipv4_addr; flags interval; auto-merge;
        elements = { 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,127.0.0.0/8 }
}
set tpws_exclude6 {
	type ipv6_addr; flags interval; auto-merge;
        elements = { fc00::/7, fe80::/10, ::1 }
}
chain tpws_pre {
	type nat hook prerouting priority dstnat; policy accept;
	tcp dport 80 ip daddr != @tpws_exclude4 redirect to :900
	tcp dport 443 ip daddr != @tpws_exclude4 redirect to :901
	tcp dport 80 ip6 daddr != @tpws_exclude4 redirect to :900
	tcp dport 443 ip6 daddr != @tpws_exclude6 redirect to :901
}
chain tpws_out {
	type nat hook output priority -100; policy accept;
	tcp dport 80 skuid != daemon ip daddr != @tpws_exclude4 redirect to :900
	tcp dport 443 skuid != daemon ip daddr != @tpws_exclude4 redirect to :901
	tcp dport 80 skuid != daemon ip6 daddr != @tpws_exclude6 redirect to :900
	tcp dport 443 skuid != daemon ip6 daddr != @tpws_exclude6 redirect to :901
}