--- nftables.conf 2023-06-09 19:16:58.000000000 -0400
+++ nftables.conf.2 2024-02-12 12:35:17.175626420 -0500
@@ -1,5 +1,6 @@
 #!/usr/sbin/nft -f
 flush ruleset
+include "/etc/nftables.d/blocklist.nft"
 # SET TO WIREGUARD INTERFACE IP
 define SNAT = 192.168.1.1
@@ -22,6 +23,11 @@
 table inet filter {
+ set blocklist { type ipv4_addr flags interval elements = { $blocklist } }
 chain forward {
 type filter hook forward priority filter; policy drop;
@@ -34,6 +40,8 @@
 meta iifname $WAN meta oifname $LAN accept
 udp dport 80 log prefix "Dropped (UDP/80): " drop
 udp dport 443 log prefix "Dropped (UDP/443): " drop
+ meta iifname $LAN ip daddr @blocklist log prefix "Dropped (BLOCKED IP): " drop
+ meta iifname $LAN ip saddr @blocklist log prefix "Dropped (BLOCKED IP): " drop
 ct state related,established accept
 log prefix "Packet discarded by policy: "
 }
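Review bot: The new `set blocklist` is declared with `flags interval` but without `auto-merge`, so on current nftables any overlapping or adjacent ranges in the externally supplied list make nft reject the set and the whole file fails to load; adding a line `auto-merge` directly after `flags interval` lets nft coalesce such entries instead. The elements come from `$blocklist`, which this file does not define and which presumably lives in the included `/etc/nftables.d/blocklist.nft`; a missing include or an empty define aborts the load, and because `nft -f` applies the file as one transaction the `flush ruleset` is not executed either, so whatever ruleset was active before (possibly none at boot) stays in effect. Worth a comment above the set such as `# $blocklist is defined in /etc/nftables.d/blocklist.nft; the file must exist and be non-empty, check with nft -c -f` and a pre-reload check of that file. `table inet filter` and `chain forward` both begin and continue outside this hunk.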
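Review bot: The second added rule, `meta iifname $LAN ip saddr @blocklist`, only matches packets entering on the LAN interface that carry a blocklisted source address, i.e. a LAN host spoofing a blocked IP, so inbound traffic from a blocked host arriving on $WAN is not matched by either new rule. If both directions are meant to be blocked, the source-side rule should key on the WAN side, e.g. `meta iifname $WAN ip saddr @blocklist log prefix "Dropped (BLOCKED SRC): " drop`, and it has to be placed before the existing `meta iifname $WAN meta oifname $LAN accept` at the top of this hunk, which otherwise accepts WAN-to-LAN traffic before the blocklist is consulted (this assumes $WAN is the untrusted side; confirm against the defines earlier in the file). Giving the two rules distinct log prefixes would also make the log usable, since both currently emit `"Dropped (BLOCKED IP): "`. Note that the set is `ipv4_addr`, so IPv6 traffic forwarded through this inet table is not subject to the blocklist at all. The forward chain begins outside this hunk.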