table filter {
    chain INPUT {
        # HTTP
        proto tcp dport 80 ACCEPT;
        # HTTPS
        proto tcp dport 443 ACCEPT;
    }
}