nftables.conf (573B)
flush ruleset

table inet firewall {
	chain input {
		type filter hook input priority filter; policy drop;

		# Trust loopback and the libvirt bridge.
		meta iif lo accept
		# iifname matches by name, so the ruleset still loads when virbr0
		# does not exist yet (iif resolves to an index at load time and fails).
		meta iifname "virbr0" accept
		ct state invalid drop
		ct state established,related accept
		meta l4proto icmp accept
		meta l4proto ipv6-icmp accept

		# Anything reaching this point is counted, then dropped by the policy.
		counter comment "Count everything else"
	}

	chain forward {
		type filter hook forward priority filter; policy drop;

		# Forward all traffic entering or leaving the libvirt bridge.
		meta iifname "virbr0" accept
		meta oifname "virbr0" accept

		counter comment "Count everything else"
	}

	chain output {
		type filter hook output priority filter; policy accept;
	}
}