table inet ocserv {
    chain forward {
        type filter hook forward priority filter + 10; policy drop;
        ct state { established, related } accept
        meta mark 0x100 accept
    }
}

table ip ocserv {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy drop;
        meta mark 0x100 masquerade
    }
}