diff --git a/rust/Cargo.lock b/rust/Cargo.lock index 65a5567..06b4a2a 100644 --- a/rust/Cargo.lock +++ b/rust/Cargo.lock @@ -315,14 +315,6 @@ version = "2.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "135b12329e5e3ce057a9f972339ea52bc954fe1e9358ef27f95e89716fbc5424" -[[package]] -name = "iptables" -version = "0.6.0" -dependencies = [ - "lazy_static", - "regex", -] - [[package]] name = "is-terminal" version = "0.4.17" @@ -355,12 +347,6 @@ version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c" -[[package]] -name = "lazy_static" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe" - [[package]] name = "libc" version = "0.2.177" @@ -915,7 +901,6 @@ dependencies = [ "anyhow", "clap", "daemonize", - "iptables", "libc", "libnfqws", "log", diff --git a/rust/crates/libnfqws/build.rs b/rust/crates/libnfqws/build.rs index ba71938..52440c2 100644 --- a/rust/crates/libnfqws/build.rs +++ b/rust/crates/libnfqws/build.rs @@ -33,6 +33,10 @@ fn main() { println!("cargo:rustc-link-lib=nfnetlink"); println!("cargo:rustc-link-lib=mnl"); + if let Ok(link_libs) = env::var("NETFILTER_LIBS") { + println!("cargo:rustc-link-search=native={link_libs}/lib"); + } + println!("cargo:rustc-link-lib=static=nfqws"); println!("cargo:rerun-if-changed={}", NFQ.display()); println!("cargo:rerun-if-changed={}", NFQ_CRYPTO.display()); diff --git a/rust/crates/libnfqws/zapret b/rust/crates/libnfqws/zapret index 1408c38..0b8e0dc 160000 --- a/rust/crates/libnfqws/zapret +++ b/rust/crates/libnfqws/zapret @@ -1 +1 @@ -Subproject commit 1408c38522193e6debdf7491a6cd7ee44a8fce05 +Subproject commit 0b8e0dc97df8c553dda2f3faf2df5eb664739c34 diff --git a/rust/crates/zaprett/Cargo.toml b/rust/crates/zaprett/Cargo.toml index 3b2924c..2cc5b63 100644 
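Review bot: In the build.rs hunk, the new `NETFILTER_LIBS` lookup is not declared to Cargo, so once the script has emitted its `rerun-if-changed` lines a changed or newly set value will not re-run it and the previous link search path stays in effect. Add `println!("cargo:rerun-if-env-changed=NETFILTER_LIBS");` next to the lookup. When the variable is unset the script silently falls back to the default search path, so which `nfnetlink`/`mnl` get linked depends on the build host; a `cargo:warning=` line in an `else` branch would make that visible. `main` starts before this hunk and continues after it.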
--- a/rust/crates/zaprett/Cargo.toml +++ b/rust/crates/zaprett/Cargo.toml @@ -7,7 +7,6 @@ repository.workspace = true [dependencies] anyhow = { workspace = true } clap = { workspace = true } -iptables = { path = "../iptables" } libc = { workspace = true } regex = { workspace = true } rust-ini = { workspace = true } diff --git a/rust/crates/zaprett/src/main.rs b/rust/crates/zaprett/src/main.rs index d5fe144..f387c37 100644 --- a/rust/crates/zaprett/src/main.rs +++ b/rust/crates/zaprett/src/main.rs 
@@ -354,51 +354,53 @@ fn merge_files( } fn setup_iptables_rules() { - let ipt = iptables::new(false).unwrap(); - - ipt.insert( - "mangle", - "POSTROUTING", - "-j NFQUEUE --queue-num 200 --queue-bypass", - 1, - ) - .unwrap(); - ipt.insert( - "mangle", - "PREROUTING", - "-j NFQUEUE --queue-num 200 --queue-bypass", - 1, - ) - .unwrap(); - ipt.append( - "filter", - "FORWARD", - "-j NFQUEUE --queue-num 200 --queue-bypass", - ) - .unwrap(); + todo!(); + // let ipt = iptables::new(false).unwrap(); + // + // ipt.insert( + // "mangle", + // "POSTROUTING", + // "-j NFQUEUE --queue-num 200 --queue-bypass", + // 1, + // ) + // .unwrap(); + // ipt.insert( + // "mangle", + // "PREROUTING", + // "-j NFQUEUE --queue-num 200 --queue-bypass", + // 1, + // ) + // .unwrap(); + // ipt.append( + // "filter", + // "FORWARD", + // "-j NFQUEUE --queue-num 200 --queue-bypass", + // ) + // .unwrap(); } fn clear_iptables_rules() { - let ipt = iptables::new(false).unwrap(); - - ipt.delete( - "mangle", - "POSTROUTING", - "-j NFQUEUE --queue-num 200 --queue-bypass", - ) - .unwrap(); - ipt.delete( - "mangle", - "PREROUTING", - "-j NFQUEUE --queue-num 200 --queue-bypass", - ) - .unwrap(); - ipt.delete( - "filter", - "FORWARD", - "-j NFQUEUE --queue-num 200 --queue-bypass", - ) - .unwrap(); + todo!(); + // let ipt = iptables::new(false).unwrap(); + // + // ipt.delete( + // "mangle", + // "POSTROUTING", + // "-j NFQUEUE --queue-num 200 --queue-bypass", + // ) + // .unwrap(); + // ipt.delete( + // "mangle", + // "PREROUTING", + // "-j NFQUEUE --queue-num 200 --queue-bypass", + // ) + // .unwrap(); + // ipt.delete( + // "filter", + // "FORWARD", + // "-j NFQUEUE --queue-num 200 --queue-bypass", + // ) + // .unwrap(); } async fn run_nfqws(args_str: &String) -> anyhow::Result<()> { diff --git a/rust/justfile b/rust/justfile new file mode 100644 index 0000000..5a85d6b --- /dev/null +++ b/rust/justfile 
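Review bot: Both `setup_iptables_rules` and `clear_iptables_rules` now panic unconditionally through `todo!()`, so any caller that reaches them aborts instead of reporting that rule management is unavailable; the callers are outside this hunk. If the functions must stay as stubs, return an error the caller can handle, since the file already uses anyhow: change the signature to `fn setup_iptables_rules() -> anyhow::Result<()>` with the body `anyhow::bail!("NFQUEUE iptables rules are not implemented")`, and likewise for the clear function. A panic in `clear_iptables_rules` is the riskier of the two, because a teardown path that dies early may skip whatever cleanup follows it. The commented-out bodies below each `todo!()` should be deleted rather than kept; the history preserves them.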
@@ -0,0 +1,109 @@ +set shell := ["sh", "-eu", "-c"] + +export ANDROID_API := "21" +export ANDROID_NDK_VERSION := "r27d-linux" + +TARGET := `pwd` + "/target" + +export NETFILTER_LIBS := TARGET + "/netfilter" + +export NDK_HOME := TARGET + "/android-ndk-" + ANDROID_NDK_VERSION + +_download_android_ndk: + #!/usr/bin/env sh + if [ ! -d "{{NDK_HOME}}" ]; then + echo "Downloading ndk {{ANDROID_NDK_VERSION}} to {{NDK_HOME}}" + TMPFILE="{{NDK_HOME}}.tmp" + TMPDIR="{{NDK_HOME}}.extracted.tmp" + + curl -L -C - -o "$TMPFILE" "https://dl.google.com/android/repository/android-ndk-{{ANDROID_NDK_VERSION}}.zip" + + unzip "$TMPFILE" -d "$TMPDIR" + + inner_folder=$(find "$TMPDIR" -mindepth 1 -maxdepth 1 -type d | head -n 1) + mv -T "$inner_folder" "$NDK_HOME" + + rm -rf "$TMPFILE" "$TMPDIR" + + echo "Android ndk {{ANDROID_NDK_VERSION}} successfully installed in {{NDK_HOME}}" + else + echo "Android ndk {{ANDROID_NDK_VERSION}} already installed in {{NDK_HOME}}" + fi + +_build_netfilter_libs abi target_arch: + #!/usr/bin/env sh + + if [ ! -d "{{NETFILTER_LIBS}}-{{target_arch}}" ]; then + export PATCH="$(pwd)/libnetfilter_queue-android.patch" + cd "{{TARGET}}" + + export TOOLCHAIN=$NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64 + export CC="$TOOLCHAIN/bin/clang --target={{target_arch}}$ANDROID_API" + export AR=$TOOLCHAIN/bin/llvm-ar + export AS=$CC + export ABI={{abi}} + export LD=$TOOLCHAIN/bin/ld + export RANLIB=$TOOLCHAIN/bin/llvm-ranlib + export STRIP=$TOOLCHAIN/bin/llvm-strip + export PKG_CONFIG_PATH=$NETFILTER_LIBS-{{target_arch}}/lib/pkgconfig + + if [ ! -d "libnfnetlink-1.0.2" ]; then + wget -O- https://www.netfilter.org/pub/libnfnetlink/libnfnetlink-1.0.2.tar.bz2 | tar -xj + fi + + if [ ! -d "libmnl-1.0.5" ]; then + wget -O- https://www.netfilter.org/pub/libmnl/libmnl-1.0.5.tar.bz2 | tar -xj + fi + + if [ ! 
-d "libnetfilter_queue-1.0.5" ]; then + wget -O- https://www.netfilter.org/pub/libnetfilter_queue/libnetfilter_queue-1.0.5.tar.bz2 | tar -xj + patch -p1 -d libnetfilter_queue-* -i $PATCH + fi + + for i in libmnl libnfnetlink libnetfilter_queue ; do + ( + cd $i-* + CFLAGS="-Os -flto=auto -Wno-implicit-function-declaration" \ + ./configure --prefix= --host={{target_arch}} --enable-static --disable-shared --disable-dependency-tracking + make -j$(nproc) + make install DESTDIR=$NETFILTER_LIBS-{{target_arch}} + ) + sed -i "s|^prefix=.*|prefix=$NETFILTER_LIBS-{{target_arch}}|g" $NETFILTER_LIBS-{{target_arch}}/lib/pkgconfig/$i.pc + done + else + echo "netfilter libs for {{target_arch}} already built" + fi + +prepare-android: _download_android_ndk + #!/usr/bin/env sh + cargo install cargo-ndk + + targets=("armv7-linux-androideabi" "aarch64-linux-android" "i686-linux-android" "x86_64-linux-android") + for t in "${targets[@]}"; do + if ! rustup target list --installed | grep -q "$t"; then + echo "Installing missing target: $t" + rustup target add "$t" + else + echo "Target already installed: $t" + fi + done + +build-android *args: prepare-android + #!/usr/bin/env sh + + targets=("armv7-linux-androideabi") + abis=("armeabi-v7a") + + for i in "${!targets[@]}"; do + t=${targets[$i]} + a=${abis[$i]} + ( + echo "Building target=$t, abi=$a" + export CFLAGS="-I$NETFILTER_LIBS-$t/include" + export LDFLAGS="-L$NETFILTER_LIBS-$t/lib" + export CXXFLAGS="$CFLAGS" + + just _build_netfilter_libs $a $t + NETFILTER_LIBS=$NETFILTER_LIBS-$t cargo ndk -t $t --platform $ANDROID_API build {{args}} + ) + done diff --git a/rust/libnetfilter_queue-android.patch b/rust/libnetfilter_queue-android.patch new file mode 100644 index 0000000..a0ce64b --- /dev/null +++ b/rust/libnetfilter_queue-android.patch 
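Review bot: Neither the NDK zip fetched in `_download_android_ndk` nor the three netfilter tarballs fetched in `_build_netfilter_libs` is verified before being unpacked and compiled into the binary, so the build trusts whatever the download delivers. Pin a digest per artifact and check it before `unzip`/`tar`, and add `set -eu` at the top of each shebang recipe: just runs a shebang recipe as a standalone script, so the `-eu` from `set shell` does not apply there and a failed download or `make` does not stop the recipe. The `wget -O- … | tar -xj` pipelines also report only tar's exit status, so downloading to a file first is what makes the check possible. Separately, `prepare-android` and `build-android` use bash arrays under `#!/usr/bin/env sh`, which fails where sh is not bash.

```just
# placeholder: replace with the digest published for this NDK release
export ANDROID_NDK_SHA256 := "<expected-sha256-of-ndk-zip>"

_download_android_ndk:
    #!/usr/bin/env sh
    set -eu
    # … unchanged: NDK_HOME directory check, TMPFILE/TMPDIR setup …
        curl --fail -L -C - -o "$TMPFILE" "https://dl.google.com/android/repository/android-ndk-{{ANDROID_NDK_VERSION}}.zip"
        echo "{{ANDROID_NDK_SHA256}}  $TMPFILE" | sha256sum -c -
    # … unchanged: unzip, mv into NDK_HOME, cleanup, else branch …
```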
@@ -0,0 +1,41 @@ +--- a/src/extra/pktbuff.c ++++ b/src/extra/pktbuff.c +@@ -14,7 +14,7 @@ + #include /* for memcpy */ + #include + +-#include ++#include + #include + #include + +--- a/src/nlmsg.c ++++ b/src/nlmsg.c +@@ -21,7 +21,7 @@ + + #include + +-#include ++// #include + + #include "internal.h" + +--- a/src/extra/tcp.c ++++ b/src/extra/tcp.c +@@ -139,12 +139,16 @@ void nfq_tcp_compute_checksum_ipv6(struc + * (union is compatible to any of its members) + * This means this part of the code is -fstrict-aliasing safe now. + */ ++#ifndef __ANDROID__ + union tcp_word_hdr { + struct tcphdr hdr; + uint32_t words[5]; + }; ++#endif + ++#ifndef tcp_flag_word + #define tcp_flag_word(tp) ( ((union tcp_word_hdr *)(tp))->words[3]) ++#endif + + /** + * nfq_pkt_snprintf_tcp_hdr - print tcp header into one buffer in a humnan
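Review bot: In the `src/nlmsg.c` section the include is commented out (`+// #include`) rather than replaced, while the justfile in this commit compiles these libraries with `-Wno-implicit-function-declaration`; together these would let a call to anything that header declared compile against an implicit `int` prototype without a diagnostic. The header name is not visible on this page, so confirm that nothing in nlmsg.c still needs it, or guard the include with `#ifndef __ANDROID__` as the tcp.c section does for the union. Once the build is clean, the warning suppression in the justfile's `CFLAGS` can be dropped.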