From 02e32ae72fa878c2535551e06b13920c19e9391c Mon Sep 17 00:00:00 2001
From: urosm
Date: Sun, 28 Apr 2024 18:01:42 +0200
Subject: [PATCH] .config/nftables.conf: add nftables config
---
.config/nftables.conf | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100755 .config/nftables.conf
diff --git a/.config/nftables.conf b/.config/nftables.conf
new file mode 100755
index 0000000..a4a8073
--- /dev/null
+++ b/.config/nftables.conf
@@ -0,0 +1,15 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+ chain input {
+ type filter hook input priority filter; policy drop;
+ # accept any localhost traffic
+ iif lo accept
+ # accept traffic originated from us
+ ct state established,related accept
+ # accept neighbour discovery otherwise connectivity breaks
+ icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
+ }
+}
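Review bot: The `inet filter` table hooks only `input`, so the `policy drop` default does not cover routed traffic. If forwarding is ever enabled on this host (containers, VMs or a VPN would be the usual reasons; nothing on the page says either way), forwarded packets fall through to the implicit accept. Adding `chain forward { type filter hook forward priority filter; policy drop; }` inside the table closes that gap and costs nothing on a host that never routes. For visibility into what the default policy discards, a final `counter comment "dropped by input policy"` rule at the end of `chain input` would make drops observable via `nft list ruleset`. It is also worth a comment above `flush ruleset` stating that loading this file removes every table installed by other tools, since that is easy to miss when the file is run directly through its shebang.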