例如:允许教室并阻止共享IP的youtube:
dig www.youtube.com +short | grep "$(dig classroom.google.com +short)"
142.251.32.78
https://serverfault.com/questions/988309/filter-on-bytes-in-udp-payload-using-nftables#988614
和
https://blog.cloudflare.com/programmable-packet-filtering-with-magic-firewall
似乎相关。