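#!/usr/sbin/nft -f

# Host firewall: default-deny inbound and forwarded traffic, allow all outbound.
# The file is loaded as one transaction, so a syntax error anywhere means
# nothing is applied and the previously loaded ruleset stays in force.
# Validate with `nft -c -f <this file>` before deploying.

flush ruleset

table inet filter {
	chain input {
		type filter hook input priority filter; policy drop;

		# Allow replies to connections this host initiated
		ct state established,related accept

		# Drop packets conntrack could not associate with a valid flow,
		# so they never reach the port-based accept rules below
		ct state invalid drop

		# Allow loopback. The original `iface lo` is not an nft keyword and
		# made the whole file fail to parse; `iif` matches the input interface.
		iif "lo" accept

		# Allow SSH from any source address.
		# NOTE(review): if a management network exists, narrow this rule
		# with an `ip saddr` / `ip6 saddr` match.
		tcp dport 22 accept

		# Allow ping
		icmp type echo-request accept
		icmpv6 type echo-request accept

		# Allow IPv6 neighbor discovery. These packets are not matched by
		# `ct state established,related`, so under policy drop the host
		# would lose IPv6 connectivity without this rule.
		icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept

		# Everything else falls through to the chain policy (drop)
	}

	chain forward {
		# This host does not route: drop all forwarded traffic
		type filter hook forward priority filter; policy drop;
	}

	chain output {
		# Outbound traffic is unrestricted
		type filter hook output priority filter; policy accept;
	}
}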