table ip nat {
        chain prerouting {
                type nat hook prerouting priority dstnat; policy accept;
                iif "{{ nftables.wan_interface }}" tcp dport { 80, 443 } dnat to {{ nftables.dmz_ip }}
        }
}