From 0abb6e1a2b8da6f06c5648daae18c44123ab21bb Mon Sep 17 00:00:00 2001
From: urosm
Date: Tue, 11 Jun 2024 22:57:46 +0000
Subject: [PATCH] update `nftables.conf` config
---
 .config/nftables.conf | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/.config/nftables.conf b/.config/nftables.conf
index 88eaca0..d5781d4 100755
--- a/.config/nftables.conf
+++ b/.config/nftables.conf
@@ -2,17 +2,16 @@ flush ruleset
 table inet filter {
- chain inbound {
- type filter hook input priority 0; policy drop;
+ chain input {
+ type filter hook input priority 0; policy drop; comment "Drop all inbound traffic by default"
 iif lo accept comment "Accept loopback traffic"
- meta l4proto { icmp, ipv6-icmp } accept comment "Accept all icmp/icmpv6 traffic"
- ct state vmap { established : accept, related : accept, invalid : drop } comment "Allow traffic from established and related connections, drop invalid"
+ ct state invalid drop comment "Drop invalid connections"
+ ct state established,related accept comment "Accept established and related connections"
+ meta l4proto { icmp, ipv6-icmp } accept comment "Accept ICMP/ICMPv6 traffic"
 tcp dport ssh accept comment "Accept SSH on port 22"
 udp dport 1194 accept comment "Accept VPN on port 1194"
-
- # log prefix "[nftables] Inbound Denied: " counter drop comment "Log denied traffic"
 }
 chain forward {
 type filter hook forward priority 0; policy drop;