zapret/init.d/openwrt/firewall.zapret.nfqws_ipset_https

QNUM=200
IPT_FILTER_PRE="-p tcp -m multiport --sports 80,443 -m set --match-set zapret src"
IPT_FILTER_POST="-p tcp --dport 80 -m set --match-set zapret dst"

ipt()
{
 iptables -C $@ 2>/dev/null || iptables -I $@
}

ipt PREROUTING -t raw $IPT_FILTER_PRE -j NFQUEUE --queue-num $QNUM --queue-bypass
ipt POSTROUTING -t mangle $IPT_FILTER_POST -j NFQUEUE --queue-num $QNUM --queue-bypass