#!/usr/bin/nft -f

destroy table inet filter;
table inet filter {
	chain input {
		type filter hook input priority filter; policy drop;

		ct state invalid counter drop
		ct state {established, related} counter accept

		iif "lo" counter accept
		ip protocol {icmp,icmpv6} counter accept

		counter meta nftrace set 1 comment "dropped"
	}

	chain forward {
		type filter hook forward priority filter; policy drop;

		counter meta nftrace set 1 comment "dropped"
	}

	chain output {
		type filter hook output priority filter; policy accept;

		counter comment "accepted"
	}
}