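#!/usr/sbin/nft -f

# Host firewall for the dual-stack "inet filter" table: default-drop on input
# and forward, with a short allow-list of inbound services.

# Only flush tables managed by this file. The bare declaration makes sure the
# table exists, so the flush cannot fail on a first load.
table inet filter
flush table inet filter

table inet filter {
    chain input {
        # Anything not explicitly accepted below is dropped.
        type filter hook input priority filter; policy drop;

        # ICMP is accepted for every type, with no rate limit.
        ip protocol icmp accept
        # Match on the resolved layer-4 protocol rather than "ip6 nexthdr":
        # nexthdr only inspects the first Next Header field, so ICMPv6 carried
        # behind an extension header would not match and would hit policy drop.
        meta nfproto ipv6 meta l4proto ipv6-icmp accept

        # Loopback traffic.
        iifname lo accept

        # Replies to, and packets related to, connections already tracked.
        ct state related,established accept

        # Inbound services: SSH and DNS (TCP and UDP). These rules have no
        # interface or source-address restriction, so the ports are reachable
        # from every network the host is attached to.
        # NOTE(review): if DNS is only meant for a local network, scope these
        # rules with iifname or a source prefix.
        tcp dport 22 accept
        tcp dport 53 accept
        udp dport 53 accept
    }

    chain forward {
        # Forwarding is limited to flows that conntrack already knows; there is
        # no rule here that lets a new forwarded flow start.
        type filter hook forward priority filter; policy drop;

        ct state related,established counter accept
    }

    chain output {
        # No policy is declared, so the base chain uses the default (accept):
        # outbound traffic is not filtered.
        type filter hook output priority filter;
    }
}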