diff --git a/cookbooks/nftables/Makefile b/cookbooks/nftables/Makefile
new file mode 100644
index 0000000..b5d6376
--- /dev/null
+++ b/cookbooks/nftables/Makefile
@@ -0,0 +1,14 @@
+##
+## Makefile for nftables quadlet
+##
+
+# Additional nftables directories and files
+TARGET_FILES += $(TARGET_CHROOT)/etc/sysconfig/nftables.conf
+$(TARGET_CHROOT)/etc/sysconfig/nftables.conf: other/nftables.conf
+ install -D -o root -g root -m 755 $< $@
+
+SYSTEMD_MAIN_UNIT_NAMES = nftables.service
+
+# Include common Makefile
+include ../../scripts/common.mk
+
diff --git a/cookbooks/nftables/config/00-global.nft b/cookbooks/nftables/config/00-global.nft
new file mode 100755
index 0000000..59b7a31
--- /dev/null
+++ b/cookbooks/nftables/config/00-global.nft
@@ -0,0 +1,46 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet itix-fw {
+ chain input {
+ type filter hook input priority filter + 20
+ policy drop
+
+ ct state invalid counter drop
+ ct state { established, related } counter accept
+
+ # Loopback
+ iifname lo counter accept
+ }
+
+ chain output {
+ type filter hook output priority filter + 20
+ policy drop
+
+ ct state invalid counter drop
+ ct state { established, related } counter accept
+
+ # Loopback
+ oifname lo counter accept
+ }
+
+ chain forward {
+ type filter hook forward priority filter + 20
+ policy drop
+
+ # Loopback
+ iifname lo oifname lo counter accept
+ }
+}
+
+table inet itix-nat {
+ chain prerouting {
+ type nat hook prerouting priority dstnat + 20
+ policy accept
+ }
+ chain postrouting {
+ type nat hook postrouting priority srcnat + 20
+ policy accept
+ }
+}
diff --git a/cookbooks/nftables/config/20-standard-rules.nft b/cookbooks/nftables/config/20-standard-rules.nft
new file mode 100755
index 0000000..5717a54
--- /dev/null
+++ b/cookbooks/nftables/config/20-standard-rules.nft
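Review bot: The recipe installs `/etc/sysconfig/nftables.conf` with `-m 755`, giving a plain configuration file the execute bits, while hooks.mk in the same commit installs the rule files with `-m 0644`. A file that nftables.service only reads needs no execute permission; suggest `install -D -o root -g root -m 0644 $< $@`, or 0600 if the ruleset is not meant to be world-readable (the packaged file on Fedora/RHEL is root-only, if I recall correctly). The comment `# Additional nftables directories and files` describes a single file; consider narrowing it to what the rule does.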
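Review bot: The `input` chain has `policy drop` and admits only established/related and loopback traffic, so ICMPv6 is never accepted; on an `inet` table that means neighbour solicitation/advertisement and router advertisements hit the drop policy, which breaks IPv6 address resolution for the host, and dropping ICMP for both families also defeats path-MTU discovery. Consider adding after the loopback rule `meta l4proto ipv6-icmp counter accept` and `meta l4proto icmp counter accept` (or a narrower `icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert }` set). Separately, `flush ruleset` clears every table in the kernel, not just `itix-fw` and `itix-nat`; if podman/netavark or another tool maintains its own tables on this host, a restart of nftables.service silently removes them, so either state in a comment that this is intended or scope the reset to the two tables (declare the table, then `flush table inet itix-fw`). A one-line comment explaining that the `+ 20` priority offsets leave room for other tables to hook ahead of this one would also help, since the intent is not obvious from the file.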
@@ -0,0 +1,7 @@
+#!/usr/sbin/nft -f
+
+# Enable SSH connections from anywhere
+add rule inet itix-fw input tcp dport 22 counter accept
+
+# Allow outgoing connections
+add rule inet itix-fw output counter accept
diff --git a/cookbooks/nftables/hooks.mk b/cookbooks/nftables/hooks.mk
new file mode 100644
index 0000000..ab69cd6
--- /dev/null
+++ b/cookbooks/nftables/hooks.mk
@@ -0,0 +1,5 @@
+# Nftables configuration files
+TARGET_NFTABLES_FILES = $(patsubst other/nftables/%, $(TARGET_CHROOT)/etc/quadlets/nftables/%, $(wildcard other/nftables/*))
+TARGET_EXAMPLE_FILES += $(TARGET_NFTABLES_FILES)
+$(TARGET_CHROOT)/etc/quadlets/nftables/%: other/nftables/%
+ install -m 0644 -o root -g root $< $@
diff --git a/cookbooks/nftables/other/nftables.conf b/cookbooks/nftables/other/nftables.conf
new file mode 100644
index 0000000..18e6ca1
--- /dev/null
+++ b/cookbooks/nftables/other/nftables.conf
@@ -0,0 +1 @@
+include "/etc/quadlets/nftables/*.nft"
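Review bot: `add rule inet itix-fw output counter accept` admits all outbound traffic, so the `policy drop` on the output chain in 00-global.nft never takes effect; if allow-all egress is the intent, a comment saying so (here or in 00-global.nft) would stop the two files from reading as contradictory. The SSH rule accepts TCP/22 from any source with no connection-rate limit; for an internet-facing host a `ct state new limit rate 10/minute burst 20 packets` qualifier before `counter accept`, or a source address set, is a cheap brute-force mitigation worth considering. Rule order across files also depends on the alphabetical include order of the `*.nft` glob in nftables.conf, so the `00-`/`20-` prefixes are load-bearing and deserve a comment at the top of this file.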
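Review bot: The pattern rule installs into `$(TARGET_CHROOT)/etc/quadlets/nftables/` without `-D`, so `install` fails when that directory does not yet exist in a fresh chroot, whereas the Makefile rule for nftables.conf in this commit uses `-D`; suggest `install -D -m 0644 -o root -g root $< $@`. `TARGET_NFTABLES_FILES = $(patsubst …)` is recursively assigned, so the `$(wildcard …)` is re-evaluated on every expansion, and the spaces after the commas inside `$(patsubst …)` become part of the arguments (harmless for a word list, but surprising); `TARGET_NFTABLES_FILES := $(patsubst other/nftables/%,$(TARGET_CHROOT)/etc/quadlets/nftables/%,$(wildcard other/nftables/*))` avoids both. Also, this rule reads from `other/nftables/`, but the rule files added in this commit live under `config/`; unless common.mk (outside this diff) maps `config/` into `/etc/quadlets/nftables/`, the glob in nftables.conf will match no files on the target.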