#!/usr/bin/nft
flush ruleset

table ip filter {
	chain in {
		type filter hook input priority filter; policy drop;
		ct state invalid drop;
		ct state {related,established} accept;
	}
	chain forward {
		type filter hook forward priority filter; policy drop;
	}

	chain out {
		type filter hook output priority filter; policy drop;
	}
}