#!/usr/sbin/nft -f
#
# Example nftables configuration for letmein.
#

flush ruleset

table inet filter {
	chain LETMEIN-INPUT {
		# This chain will be managed and filled by letmeind.
		# Do NOT put manual rules here.
		# Leave this chain empty in this configuration.
		# letmeind will dynamically insert 'accept' rules here for the leases.
	}

	chain INPUT {
		type filter hook input priority filter; policy drop;

		iifname lo accept
		ct state invalid drop
		ct state related,established accept

		meta l4proto ipv6-icmp accept
		meta l4proto icmp accept
		ip protocol igmp accept

		# Your static rules here...

		# Jump to letmein dynamic rules.
		jump LETMEIN-INPUT

		reject
	}

	chain FORWARD {
		type filter hook forward priority filter; policy drop;

		# Your static rules here...

		reject
	}

	chain OUTPUT {
		type filter hook output priority filter; policy drop;

		oifname lo accept
		ct state related,established accept

		meta l4proto ipv6-icmp accept
		meta l4proto icmp accept
		ip protocol igmp accept

		# Your static rules here...
		meta l4proto udp accept
		meta l4proto tcp accept

		reject
	}
}