nft list ruleset
# Forward-path filter that dispatches on destination address.
# The table is in the inet family, but every match below is on IPv4 (`ip`)
# fields, so forwarded IPv6 packets never hit the vmap and fall to `drop`.
table inet firewall {
    # Single IPv4 addresses referenced by audit-chain.
    set audit-servers {
        type ipv4_addr
        elements = { 10.1.0.1, 192.168.0.1 }
    }

    # Single IPv4 addresses referenced by http-chain.
    set http-servers {
        type ipv4_addr
        elements = { 10.1.1.1, 192.168.1.1 }
    }

    chain forward {
        # Base chain on the forward hook. The policy is accept, so the
        # default-deny behaviour comes only from the trailing `drop` rule.
        # NOTE(review): if that rule is ever deleted or the chain flushed, the
        # policy forwards everything; `policy drop` would fail closed. Confirm
        # which is intended.
        type filter hook forward priority 0; policy accept;

        # Verdict map: the destination range selects the chain to jump to.
        # A destination outside all four ranges continues to the next rule.
        ip daddr vmap {
            10.1.0.2-10.1.0.10 : jump audit-chain,
            10.1.1.2-10.1.1.10 : jump http-chain,
            192.168.0.2-192.168.0.10 : jump audit-chain,
            192.168.1.2-192.168.1.10 : jump http-chain
        }

        # Reached by packets the vmap did not match, and by packets that
        # return from a jumped-to chain without a terminal verdict.
        drop
    }

    chain audit-chain {
        # As listed, this rule has no verdict statement, so a match takes no
        # action; evaluation returns to `forward` and the packet is dropped.
        # NOTE(review): the vmap only sends destinations .2-.10 here, while
        # @audit-servers holds the .1 addresses, so in the ruleset shown this
        # match cannot succeed for vmap-dispatched packets. Confirm whether
        # `ip saddr`, different set members, or an explicit verdict was
        # intended.
        # NOTE(review): confirm that TCP port 60 is the intended audit port.
        tcp dport 60 ip daddr @audit-servers
    }

    chain http-chain {
        # Same shape as audit-chain: there is no verdict, and @http-servers
        # holds the .1 addresses, which lie outside the .2-.10 ranges that
        # jump here. In the ruleset shown, HTTP/HTTPS traffic dispatched to
        # this chain returns to `forward` and is dropped.
        # NOTE(review): no `ct state established,related` rule is visible, so
        # reply traffic would also need an explicit match once verdicts are
        # added. Confirm.
        tcp dport { http, https } ip daddr @http-servers
    }
}