domain (ip ip6) {
    table filter {
        chain INPUT {
            # HTTP
            proto tcp dport 80 ACCEPT;
            # HTTPS
            proto tcp dport 443 ACCEPT;
        }
    }
}