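#!/usr/sbin/nft -f

# Default-deny baseline ruleset.
#
# As written, only loopback traffic and packets belonging to already tracked
# connections are accepted; every chain in itix-fw has policy drop. No rule
# here admits a new inbound or outbound connection, so this file presumably
# serves as a skeleton that other rules are added to -- confirm before
# deploying it on its own.
#
# The statements must stay on separate lines: '#' starts a comment that runs
# to the end of the line, and the interpreter line must contain nothing but
# the nft path and '-f'.

# Removes every table in the kernel ruleset, including tables installed by
# other tools, not only the two tables defined below.
# NOTE(review): if other software on the host manages its own nftables
# tables, scope the reset to this file's tables instead.
flush ruleset

table inet itix-fw {
	chain input {
		type filter hook input priority filter
		policy drop

		# Drop packets conntrack cannot associate with a valid flow.
		# NOTE(review): this runs before any ICMPv6 rule exists; when
		# IPv6 is in use, verify that neighbour discovery still works.
		ct state invalid counter drop
		ct state { established, related } counter accept

		# Loopback
		iifname lo counter accept
	}

	chain output {
		type filter hook output priority filter
		# Egress is default-deny as well: locally generated new
		# connections are dropped unless a rule accepts them.
		policy drop

		ct state invalid counter drop
		ct state { established, related } counter accept

		# Loopback
		oifname lo counter accept
	}

	chain forward {
		type filter hook forward priority filter
		policy drop

		# Loopback
		iifname lo oifname lo counter accept
	}
}

# NAT hooks are registered with policy accept and no rules, so no address
# translation takes place until rules are added to these chains.
table inet itix-nat {
	chain prerouting {
		type nat hook prerouting priority dstnat
		policy accept
	}

	chain postrouting {
		type nat hook postrouting priority srcnat
		policy accept
	}

	chain output {
		# NOTE(review): the nft documentation lists the name 'dstnat'
		# for the prerouting hook; if this chain fails to load on the
		# deployed nft version, the numeric equivalent is -100.
		type nat hook output priority dstnat
		policy accept
	}
}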