2024-07-21 12:30:38 +02:00
README.md initial commit 2024-07-21 12:30:38 +02:00
update.py initial commit 2024-07-21 12:30:38 +02:00

This script makes nftables allow only bunny.net IPs on some port, so it's a must if you're using that CDN.

Usage

- By default it only affects port 31491. That's oddly specific, but it's because it's recommended to use a random port for hidden services. If you use this one it's not random anymore, so get your own.
- You can also add your own filter rules.
- You must schedule the script, for example with crontab or systemd.
- The output ruleset is saved in `rules.nft`, and ⚠️ `sudo nft -f rules.nft` is executed to apply that ruleset. The ⚠️ is there because you might not want to do sudo and instead do safer stuff like I don't know.
- Only legacy internet protocol (also called IPv4 (ew)) is supported at this time. Not my fault.
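
The following is an added example, not the code in `update.py`: a sketch of rendering such a ruleset from an address list while validating every entry before it reaches a file that gets loaded as root. The table and set names, the TCP-only rules and the sample addresses are assumptions made for illustration.

```python
import ipaddress

PORT = 31491            # the README's default port
TABLE = "bunny_filter"  # hypothetical table name, not taken from update.py

# Constructed sample input: duplicates, an IPv6 entry, and junk that must be dropped.
SAMPLE = ["198.51.100.7", "192.0.2.10", "192.0.2.10",
          "2001:db8::1", "203.0.113.5; flush ruleset", ""]

def clean_ipv4(raw_entries):
    """Return sorted, de-duplicated IPv4 addresses; silently drop anything else."""
    good = set()
    for entry in raw_entries:
        try:
            addr = ipaddress.ip_address(str(entry).strip())
        except ValueError:
            continue  # not an IP literal, so it never reaches the ruleset text
        if addr.version == 4:  # the README states only IPv4 is supported
            good.add(addr)
    return sorted(good)

def render_ruleset(raw_entries, port=PORT):
    """Build the text of an nftables file that admits only the listed IPs on `port`."""
    addrs = clean_ipv4(raw_entries)
    if not addrs:
        # An empty or broken list would otherwise block every client on the port.
        raise ValueError("no valid IPv4 addresses; refusing to write a ruleset")
    if not isinstance(port, int) or not 1 <= port <= 65535:
        raise ValueError("port must be an integer in 1..65535")
    elements = ", ".join(str(a) for a in addrs)
    return "\n".join([
        f"table inet {TABLE}",          # create if missing so the delete cannot fail
        f"delete table inet {TABLE}",   # drop the old copy; nft -f applies the file atomically
        f"table inet {TABLE} {{",
        "    set bunny_v4 {",
        "        type ipv4_addr",
        f"        elements = {{ {elements} }}",
        "    }",
        "    chain input {",
        "        type filter hook input priority 0; policy accept;",
        f"        tcp dport {port} ip saddr @bunny_v4 accept",
        f"        tcp dport {port} drop",
        "    }",
        "}",
        "",
    ])

if __name__ == "__main__":
    print(render_ruleset(SAMPLE))
```

Running `nft -c -f rules.nft` on the generated file checks it without applying anything, which is a useful step before the `sudo nft -f rules.nft` call.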