From f4aba20d0b24107344e8f2d0c999664dfdbf0ae7 Mon Sep 17 00:00:00 2001
From: urosm
Date: Wed, 12 Jun 2024 00:47:39 +0200
Subject: [PATCH] .config/nftables.conf: update

---
 .config/nftables.conf | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/.config/nftables.conf b/.config/nftables.conf
index a4a8073..68f04c3 100755
--- a/.config/nftables.conf
+++ b/.config/nftables.conf
@@ -3,13 +3,15 @@ flush ruleset
 
 table inet filter {
- chain input {
- type filter hook input priority filter; policy drop;
- # accept any localhost traffic
- iif lo accept
- # accept traffic originated from us
- ct state established,related accept
- # accept neighbour discovery otherwise connectivity breaks
- icmpv6 type { nd-neighbor-solicit, nd-router-advert, nd-neighbor-advert } accept
- }
+ chain input {
+ type filter hook input priority filter; policy drop;
+
+ iif lo accept comment "Accept localhost traffic"
+ ct state invalid drop comment "Drop invalid connections"
+ ct state established,related accept comment "Accept established and related connections"
+ meta l4proto { icmp, ipv6-icmp } accept comment "Accept ICMP/ICMPv6 traffic"
+ ip protocol igmp accept comment "Accept IGMP traffic"
+
+ udp dport mdns accept comment "Accept mDNS"
+ }
 }
 
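Review bot: The new `meta l4proto { icmp, ipv6-icmp } accept` line replaces the old explicit neighbour-discovery list with a blanket accept of every ICMP and ICMPv6 type from any source, which is a wider opening than the input chain's `policy drop` suggests and is not explained by the "update" subject. If only connectivity is the goal, keeping an explicit type set is tighter, e.g. `icmpv6 type { nd-neighbor-solicit, nd-router-solicit, nd-router-advert, nd-neighbor-advert, echo-request, packet-too-big, time-exceeded, parameter-problem, destination-unreachable } accept` with a matching `icmp type { echo-request, destination-unreachable, time-exceeded, parameter-problem } accept`; otherwise a `limit rate` on the blanket rule would at least bound floods. The `udp dport mdns accept` rule likewise admits unicast traffic to port 5353 from any interface, whereas mDNS is a link-local multicast protocol, so restricting it to `ip daddr 224.0.0.251` and `ip6 daddr ff02::fb` (and the LAN interface, if the host has more than one) matches its actual use. Whether the table also defines forward/output chains is outside this hunk.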