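#!/usr/sbin/nft -f

# Host firewall: stateful inbound filter for IPv4 and IPv6 (inet family).
# Inbound traffic is dropped unless a rule below accepts it; forward and
# output carry no rules.

# Start from an empty ruleset so reloading this file is idempotent.
flush ruleset

table inet filter {
	chain input {
		# No policy was given originally, so the chain default (accept) applies;
		# it is spelled out here. The trailing `counter drop` is what actually
		# rejects unmatched traffic.
		type filter hook input priority filter; policy accept;

		# Loopback traffic is always allowed.
		iif lo accept

		# Replies to, and errors related to, connections conntrack already knows.
		ct state established,related accept

		# New inbound TCP connections to the listed service ports.
		# The original set listed 22 twice; the duplicate is removed.
		# NOTE(review): there is no source-address restriction, so 22 and 8140
		# are reachable from any address that can route here - confirm intended.
		tcp dport { 22, 80, 443, 8140 } ct state new accept

		# ICMPv4: 0 echo-reply, 3 destination-unreachable, 8 echo-request,
		# 11 time-exceeded, 12 parameter-problem.
		icmp type { 0, 3, 8, 11, 12 } accept

		# ICMPv6: 1 destination-unreachable, 3 time-exceeded,
		# 4 parameter-problem, 128 echo-request, 129 echo-reply.
		# NOTE(review): neighbour/router discovery (types 133-136) is not in this
		# list and is not normally matched as established/related, so it falls
		# through to the drop below; on a host that uses IPv6 this usually breaks
		# address resolution. Type 2 (packet-too-big) is also absent and relies
		# on the conntrack "related" match above. Confirm against how this host
		# uses IPv6 before changing the set.
		icmpv6 type { 1, 3, 4, 128, 129 } accept

		# Everything else is counted and dropped.
		counter drop
	}

	chain forward {
		# No rules and the default accept policy: forwarded packets are not
		# filtered by this table.
		# NOTE(review): if this host is not meant to route, `policy drop` would
		# be the tighter setting - confirm before changing.
		type filter hook forward priority filter; policy accept;
	}

	chain output {
		# Outbound traffic is unrestricted.
		type filter hook output priority filter; policy accept;
	}
}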