#!/usr/sbin/nft -f

flush ruleset

############ only uncomment needed families and hooks below ############

# native dual stack IPv4 & IPv6 family
# include "./inet-filter.nft"

# netdev family at ingress hook. Attached to a given NIC
# include "./netdev-ingress.nft"

# IPv4 family, typical iptables tables/chains layout
# include "./ipv4-filter.nft"
# include "./ipv4-mangle.nft"
# include "./ipv4-nat.nft"
# include "./ipv4-raw.nft"

# IPv6 family, typical ip6tables tables/chains layout
# include "./ipv6-filter.nft"
# include "./ipv6-mangle.nft"
# include "./ipv6-nat.nft"
# include "./ipv6-raw.nft"

# ARP family, typical arptables tables/chain layout
# include "./arp-filter.nft"

# bridge family, typical ebtables tables/chain layout
# include "./bridge-filter.nft"

############ user rules start here ############