table inet filter {
    chain input {
{% if deluge_web_expose_client %}
        meta nfproto { ipv4, ipv6 } tcp dport {{ deluge_web_port }} accept
{% else %}
        meta nfproto { ipv4, ipv6 } iifname "lo" tcp dport {{ deluge_web_port }} accept
{% endif %}
        iifname "lo" tcp dport {{ deluge_daemon_control_port }} accept
        meta l4proto { tcp, udp } th dport {{ deluge_daemon_incoming_port }} accept
        meta l4proto { tcp, udp } th dport { {{ deluge_daemon_outgoing_port_lo }}-{{ deluge_daemon_outgoing_port_hi }} } accept
    }

    chain output {
{% if deluge_web_expose_client %}
        meta nfproto { ipv4, ipv6 } tcp sport {{ deluge_web_port }} accept
{% else %}
        meta nfproto { ipv4, ipv6 } oifname "lo" tcp sport {{ deluge_web_port }} accept
{% endif %}
        meta l4proto { tcp, udp } th sport { {{ deluge_daemon_outgoing_port_lo }}-{{ deluge_daemon_outgoing_port_hi }} } accept
        oifname "lo" tcp sport {{ deluge_daemon_control_port }} accept
        udp dport { 1900, 5351 } accept
        tcp dport 6969 accept
    }
}