&def_service(letsencrypt1, letsencrypt, tcp, 80);
&def_service(letsencrypt2, letsencrypt, tcp, 443);
&allow_service_for_all(letsencrypt1);
&allow_service_for_all(letsencrypt2);
@def $lets_ip4 = @resolve("letsencrypt.eve.higgsboson.tk", A); 
@def $lets_ip6 = @resolve("ipv6.letsencrypt.eve.higgsboson.tk", AAAA); 
@def $lets_ula = @resolve("ula.letsencrypt.eve.higgsboson.tk", AAAA);
table filter chain FORWARD daddr @ipfilter(($lets_ip4 $lets_ip6 $lets_ula)) protocol tcp dport (80 443) ACCEPT;