diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/25565 b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/25565
new file mode 100644
index 0000000..57d6809
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/25565
@@ -0,0 +1 @@
+tcp dport 25565 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/sets/admin4 b/main/nnd-nft/nft/inet/nnd-base/sets/admin4
new file mode 100644
index 0000000..8188b36
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/sets/admin4
@@ -0,0 +1 @@
+set admin4 { type ipv4_addr; flags timeout, interval; auto-merge; }
diff --git a/main/nnd-nft/nft/inet/nnd-base/sets/admin6 b/main/nnd-nft/nft/inet/nnd-base/sets/admin6
new file mode 100644
index 0000000..3b33f49
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/sets/admin6
@@ -0,0 +1 @@
+set admin6 { type ipv6_addr; flags timeout, interval; auto-merge; }
diff --git a/main/nnd-nft/nft/inet/nnd-base/sets/blackhole4 b/main/nnd-nft/nft/inet/nnd-base/sets/blackhole4
new file mode 100644
index 0000000..4e0f9e0
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/sets/blackhole4
@@ -0,0 +1 @@
+set blackhole4 { type ipv4_addr; flags dynamic, timeout; }
diff --git a/main/nnd-nft/nft/inet/nnd-base/sets/blackhole6 b/main/nnd-nft/nft/inet/nnd-base/sets/blackhole6
new file mode 100644
index 0000000..e1a8bc5
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/sets/blackhole6
@@ -0,0 +1 @@
+set blackhole6 { type ipv6_addr; flags dynamic, timeout; }
diff --git a/main/nnd-nft/nft/inet/nnd-base/table b/main/nnd-nft/nft/inet/nnd-base/table
index c1594bb..f60aa83 100644
--- a/main/nnd-nft/nft/inet/nnd-base/table
+++ b/main/nnd-nft/nft/inet/nnd-base/table
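Review bot: The four new sets are declared but nothing in this commit populates or consults them — no rule under `filter/input/*` matches `ip saddr @blackhole4` / `ip6 saddr @blackhole6` (or the admin sets), so the dynamic blackhole sets are inert until a drop rule that references them is placed ahead of the accept rules in the input path. Since the table pulls in `filter/input/*` by glob, rule order follows file-name order, so such a blocking rule needs a name that sorts before `tcp/…`. Separately, `tcp/25565` lives in a subdirectory; if nft's glob include does not descend into directories, that file is never loaded — worth confirming by listing the ruleset after load rather than assuming the port is open. A one-line comment naming the service in the new file would also help, e.g. `# Minecraft Java Edition (default server port)`.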
@@ -1,39 +1,58 @@
 table inet nnd-base {
+ include "inet/nnd-base/sets/*";
+
 chain rxfilter {
- type filter hook input priority 0;
+ type filter hook input priority filter;
 policy drop;
- include "inet/nnd-base/filter/input/*";
+ jump input;
 counter reject with icmpx type admin-prohibited;
 }
+
+ chain input {
+ include "inet/nnd-base/filter/input/*";
+ }
+
 chain fwfilter {
- type filter hook forward priority 0;
+ type filter hook forward priority filter;
 policy drop;
- include "inet/nnd-base/filter/forward/*";
+
+ jump forward;
 counter reject with icmpx type no-route;
 }
+
+ chain forward {
+ include "inet/nnd-base/filter/forward/*";
+ }
+
 chain txfilter {
- type filter hook output priority 0;
+ type filter hook output priority filter;
 policy accept;
+
+ jump output;
+ }
+
+ chain output {
 include "inet/nnd-base/filter/output/*";
 }
+
 chain prenat {
- type nat hook prerouting priority -100;
+ type nat hook prerouting priority dstnat;
 policy accept;
 include "inet/nnd-base/nat/prerouting/*";
 }
+
 chain rxnat {
- type nat hook input priority 100;
+ type nat hook input priority filter;
 policy accept;
 include "inet/nnd-base/nat/input/*";
 }
+
 chain txnat {
- type nat hook output priority -100;
+ type nat hook output priority filter;
 policy accept;
 include "inet/nnd-base/nat/output/*";
 }
+
 chain postnat {
- type nat hook postrouting priority 100;
+ type nat hook postrouting priority srcnat;
 policy accept;
 include "inet/nnd-base/nat/postrouting/*";
 }