<html>
    <head>
      <base href="https://bugzilla.netfilter.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - The &quot;meta's&quot;"
   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1368">1368</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>The "meta's"
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>nftables
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>x86_64
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P5
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>nft
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>pablo@netfilter.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>tad1073@gmail.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>#!/usr/bin/nftables -f
# NOTE(review): this listing is the reporter's proposal of how the syntax should
# work, not a ruleset that loads. The comments below mark where it departs from
# what the listing itself defines, and which rules would weaken the filter if a
# corrected version were deployed.
# NOTE(review): the interpreter path above is the reporter's; upstream names the
# binary "nft", so confirm the path before using this as a script.


# Address lists for public resolvers. Only g6dns, o4dns and o6dns are defined
# here; $g4dns is referenced by set dns4 below but has no define in this listing.
define g6dns = { 2001:4860:4860::8888, 2001:4860:4860::8844 }
define o4dns = { 208.67.222.222, 208.67.220.220 }
define o6dns = { 2620:119:35::35, 2620:119:53::53 }
# Local addresses, redacted by the reporter before posting.
define myIPv4 = <filtered>
define myIPv6 = <filtered>
# Removes every table that is currently loaded before the rules below are added.
flush ruleset

table inet filter {
  # IPv4 resolver addresses ($g4dns is undefined in this listing, see above).
  set dns4 {
    type ipv4_addr;
    elements = { $g4dns, $o4dns }
    }

  # IPv6 resolver addresses.
  set dns6 {
    type ipv6_addr;
    elements = { $g6dns, $o6dns }
    }

  # Port numbers the reporter groups under the name smb.
  set smb {
    type inet_service;
    elements = { 137, 138, 139, 445 }
    }


   # NOTE(review): the brace opened by "chain global {" is never closed before
   # the next chain starts, and the global_drop chain used as a jump target is
   # not defined anywhere in this listing.
   chain global {
    # NOTE(review): "ct direction original" matches packets travelling in the
    # direction of a connection's first packet, which includes unsolicited
    # inbound connection attempts. With accept as the first rule, tracked
    # original-direction traffic never reaches the state checks below, so this
    # chain does not restrict new inbound connections.
    ct direction original counter accept
    ct state { established, related } counter accept
    # NOTE(review): presumably accepts the rest of any flow whose first packet
    # was already let through - confirm the meaning of "confirmed" against the
    # conntrack documentation before relying on it.
    ct status confirmed counter accept
    ct state { invalid, untracked } counter jump global_drop
    # Final rule: count and drop whatever was not accepted above.
    counter drop


  # NOTE(review): same shape as chain global, with the same unclosed brace, the
  # same undefined global_drop target and the same accept-first rule.
  chain global_dns {
   ct direction original counter accept
   ct state { established, related } counter accept
   ct status { expected, assured, confirmed } counter accept
   ct state { invalid, untracked } counter jump global_drop
   counter drop

 # Base chain on the input hook with a default policy of drop.
 chain input {
  type filter hook input priority 0; policy drop;
  # NOTE(review): unconditional jump. global_dns ends in "counter drop", so every
  # packet receives its verdict there and the rules below would not be evaluated.
  jump global_dns
  # NOTE(review): saddr and daddr are written here as if they were meta keys, and
  # a single anonymous set mixes the IPv4 and IPv6 sets; this does not appear to
  # match documented nft syntax. "myIPv6" is also missing its "$". The jump on the
  # next line sits on its own line, so it reads as a separate unconditional rule
  # rather than as the verdict of this match.
  meta protocol { ip, ip6 } saddr { @dns4, @dns6 } daddr { $myIPv4, myIPv6 }
jump global_dns
  # NOTE(review): the raw payload bases I know of are ll, nh and th, so "@ht" is
  # presumably a typo for "@th" (bits 16-31 of the transport header, i.e. the
  # destination port) - verify against the man page. No set named "dns" is
  # defined; dns4 and dns6 hold addresses and could not match a port field anyway.
  meta l4proto { tcp, udp } @ht,16,16 @dns jump global_dns
  # NOTE(review): same "@ht" question as above. The anonymous set nests the named
  # set @smb and ends with a trailing comma, and "}jump" has no separating space;
  # check each of these against the nft version in use.
  meta l4proto { tcp, udp } @ht,16,16 { http, https, proxy, @smb, }jump global  
  }
}

The above is how I think it should work but it doesn't.



Reference "<a href="https://www.netfilter.org/projects/nftables/manpage.html">https://www.netfilter.org/projects/nftables/manpage.html</a>"

Reference
"<a href="https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes#Meta">https://wiki.nftables.org/wiki-nftables/index.php/Quick_reference-nftables_in_10_minutes#Meta</a>"</pre>
        </div>
      </p>
    </body>
</html>