network/roles/firewall_master/files/accept-fri.nft

table inet filter {
    set fri {
        typeof ip saddr; flags interval
        elements = { 10.32.0.0/14, 192.168.0.0/16, 141.255.211.0/24, 193.2.76.0/24 }
    }

    set fri/6 {
        typeof ip6 saddr; flags interval
        elements = { 2001:1470:fffd::/48 }
    }

    chain input {
        ip saddr @fri tcp dport { ssh, http, https } accept
        ip6 saddr @fri/6 tcp dport { ssh, http, https } accept
    }
}