#!/usr/sbin/nft -f

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        iif lo accept comment "Accept any localhost traffic"
        ct state established,related accept comment "Accept trafic originated from us"

        meta l4proto { icmp, icmpv6 } accept comment "Accept ICMP/ICMPv6 traffic"
        udp dport mdns accept comment "Accept mDNS"
        tcp dport ipp accept comment "Accept IPP"
    }
}