diff --git a/ssrun b/ssrun
new file mode 100755
index 0000000..c0d604f
--- /dev/null
+++ b/ssrun
@@ -0,0 +1,42 @@
+#!/bin/bash
+set -e
+set_prefix="cgroup:ip:transparent_proxy cgroup:ip6:transparent_proxy_v6"
+while [ -n "$1" ]; do
+[ "$1" == '-4' ] && set_prefix="cgroup:ip:transparent_proxy" || act="$1"
+shift
+done
+act="${act:-bp}"
+case "$act" in
+bp)
+nftset="tcp_bypass udp_bypass"
+;;
+fw)
+nftset="tcp_enforce udp_enforce"
+;;
+bp_tcp)
+nftset="tcp_bypass"
+;;
+bp_udp)
+nftset="udp_bypass"
+;;
+fw_tcp)
+nftset="tcp_enforce"
+;;
+fw_udp)
+nftset="udp_enforce"
+;;
+*)
+echo -e 'Usage: ssrun [-4] action\nerror: action should be one of:\n\tbp fw bp_tcp bp_udp fw_tcp fw_udp'
+exit 1
+;;
+esac
+nftsets=""
+for p in $set_prefix; do
+for s in $nftset; do
+nftsets="$nftsets $p:$s"
+done
+done
+echo "act=${act} nftsets=${nftsets:1}"
+envf="$(mktemp /tmp/envXXXXXXXX)"
+env > "$envf"
+sudo systemd-run --uid $(id -u) --gid $(id -g) -p NFTSet="${nftsets:1}" --collect -p EnvironmentFile="$envf" -p ExecStartPost="/usr/bin/rm -- $envf" -S
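Review bot: The full environment dump written by `env > "$envf"` is left behind in /tmp whenever `sudo systemd-run` fails or is interrupted (a declined sudo prompt, for example), because the only cleanup is the unit's `ExecStartPost`, which never runs if the unit is not started. The environment often carries tokens and credentials, so add `trap 'rm -f -- "$envf"' EXIT` right after the `mktemp` line. Since mktemp creates the file readable by its owner only, the concern is stale copies accumulating rather than other local users reading it. Separately, `env` output is not escaped for `EnvironmentFile=` parsing, so a value containing newlines or quotes (an exported shell function, for instance) would presumably be misread as extra assignments; writing out only the variables the session needs would avoid that. `$(id -u)` and `$(id -g)` should also be quoted.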