#!/usr/bin/nft -f
# vim:set ts=2 sw=2 et:

destroy table inet filter
table inet filter {
  chain input {
    type filter hook input priority filter; policy drop;

    ct state invalid counter drop

    iif "lo"                       counter accept
    ip protocol {icmp,icmpv6}      counter accept
    ct state {established,related} counter accept

    counter comment "dropped"
  }

  chain forward {
    type filter hook forward priority filter; policy drop;

    counter comment "dropped"
  }

  chain output {
    type filter hook output priority filter; policy accept;

    counter comment "accepted"
  }
}