#!/usr/bin/nft -f
# vim:set ts=2 sw=2 et:

destroy table inet filter
table inet filter {
  chain input {
    type filter hook input priority filter; policy drop;

    #tcp dport 32768-40960 counter meta nftrace set 1 accept comment "WoW VoiceError:17"

    ct state invalid               counter drop
    ct state {established,related} counter accept

    iif "lo"                  counter accept
    ip protocol {icmp,icmpv6} counter accept

    counter meta nftrace set 1 comment "dropped"
  }

  chain forward {
    type filter hook forward priority filter; policy drop;

    counter meta nftrace set 1 comment "dropped"
  }

  chain output {
    type filter hook output priority filter; policy accept;

    counter comment "accepted"
  }
}