.config/nftables.conf: add nftables config

.config/nftables.conf

@@ -0,0 +1,15 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+	chain input {
+		type filter hook input priority filter; policy drop;
+		# accept any localhost traffic
+		iif lo accept
+		# accept traffic originated from us
+		ct state established,related accept
+		# accept neighbour discovery otherwise connectivity breaks
+		icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
+	}
+}