#!/usr/sbin/nft -f

flush ruleset

table inet filter {
	chain input {
		type filter hook input priority filter;
    # Add a rule which references conntrack, to make sure that conntrack is
    # already enabled when we activate a restrictive ruleset.
    ct state { established, related } accept
	}
	chain forward {
		type filter hook forward priority filter;
	}
	chain output {
		type filter hook output priority filter;
    ct state { established, related } accept
	}
}