diff --git a/filter.nft b/filter.nft
new file mode 100644
index 0000000..e123562
--- /dev/null
+++ b/filter.nft
@@ -0,0 +1,17 @@
+#!/usr/bin/nft
+flush ruleset
+
+table ip filter {
+ chain in {
+ type filter hook input priority filter; policy drop;
+ ct state invalid drop;
+ ct state {related,established} accept;
+ }
+ chain forward {
+ type filter hook forward priority filter; policy drop;
+ }
+
+ chain out {
+ type filter hook output priority filter; policy drop;
+ }
+}
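Review bot: `table ip filter` hooks IPv4 only, and since the file opens with `flush ruleset`, any existing ip6 rules are removed as well, leaving IPv6 traffic unfiltered after load. Declaring it as `table inet filter {` would apply the same drop policies to both families. Separately, `in` accepts only related/established traffic while `out` has `policy drop` and no rules, so no flow can ever reach the established state and the host is cut off on IPv4, loopback included. If that isolation is not intended, add `iif lo accept;` to `in` and `ct state {related,established} accept;` plus explicit allow rules to `out`. The shebang also lacks `-f`, so running the file directly would hand its path to nft as a command instead of as a ruleset file.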