update `nftables.conf` config

.config/nftables.conf

@@ -3,13 +3,15 @@
 flush ruleset
 
 table inet filter {
-	chain input {
+    chain input {
-		type filter hook input priority filter; policy drop;
+        type filter hook input priority filter; policy drop;
-		# accept any localhost traffic
+
-		iif lo accept
+        iif lo accept comment "Accept localhost traffic"
-		# accept traffic originated from us
+        ct state invalid drop comment "Drop invalid connections"
-		ct state established,related accept
+        ct state established,related accept comment "Accept established and related connections"
-		# accept neighbour discovery otherwise connectivity breaks
+        meta l4proto { icmp, ipv6-icmp } accept comment "Accept ICMP/ICMPv6 traffic"
-		icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
+        ip protocol igmp accept comment "Accept IGMP traffic"
-	}
+
+        udp dport mdns accept comment "Accept mDNS"
+    }
 }