diff --git a/.config/nftables.conf b/.config/nftables.conf
new file mode 100755
index 0000000..a4a8073
--- /dev/null
+++ b/.config/nftables.conf
@@ -0,0 +1,15 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority filter; policy drop;
+ # accept any localhost traffic
+ iif lo accept
+ # accept traffic originated from us
+ ct state established,related accept
+ # accept neighbour discovery otherwise connectivity breaks
+ icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
+ }
+}
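Review bot: The table hooks only `input`, and `flush ruleset` at the top clears every other table, so nothing filters forwarded packets once this file is loaded. If IP forwarding is ever enabled on the host (containers, a VPN, a bridge), that traffic passes unfiltered. Adding `chain forward { type filter hook forward priority filter; policy drop; }` inside `table inet filter` makes the default explicit. Because `flush ruleset` also removes tables installed by other tools, a comment next to it saying so would save the next maintainer a surprise on reload. If the host obtains its address via DHCPv6, the server's reply to UDP port 546 is probably not matched by `ct state established,related`, since the request goes to a multicast address; it may need its own accept rule, which is worth confirming on the target network.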