diff --git a/files/nftables.conf b/files/nftables.conf
new file mode 100644
index 0000000..c41dd3d
--- /dev/null
+++ b/files/nftables.conf
@@ -0,0 +1,61 @@
+#!/usr/sbin/nft -f
+
+#flush ruleset
+
+table ip filter {
+ chain INPUT {
+ type filter hook input priority 0; policy drop;
+ ct state related,established accept
+ meta l4proto ipv6-icmp accept
+ meta l4proto icmp accept
+
+ meta l4proto udp udp dport 53 accept
+
+ udp dport 53 accept
+ tcp dport 53 accept
+
+ udp dport 6666 accept
+ udp dport 51280 accept
+
+ tcp dport 6073 accept
+ tcp dport 443 accept
+ tcp dport 80 accept
+ tcp dport 22 accept
+
+ ip saddr 127.0.0.0/8 accept
+ }
+ chain FORWARD {
+ type filter hook forward priority 0; policy drop;
+ }
+ chain OUTPUT {
+ type filter hook output priority 0; policy accept;
+ tcp sport 25 drop
+ }
+}
+
+table ip6 filter {
+ chain INPUT {
+ type filter hook input priority 0; policy drop;
+ ct state related,established accept
+ meta l4proto ipv6-icmp accept
+
+ udp dport 53 accept
+ tcp dport 53 accept
+
+ tcp dport 6073 accept
+ tcp dport 443 accept
+ tcp dport 80 accept
+ tcp dport 22 accept
+
+ ip6 saddr ::1/128 accept
+ ip6 saddr 2001:470:c844::/48 accept
+ }
+ chain FORWARD {
+ type filter hook forward priority 0; policy accept;
+ }
+ chain OUTPUT {
+ type filter hook output priority 0; policy accept;
+ tcp sport 25 drop
+ }
+}
+
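Review bot: The ip6 FORWARD chain is `policy accept` while the ip FORWARD chain is `policy drop`, so if IPv6 forwarding is ever enabled on this host any transit traffic passes unfiltered; unless that asymmetry is deliberate it should read `type filter hook forward priority 0; policy drop;` like its IPv4 counterpart. `tcp sport 25 drop` in both OUTPUT chains only drops packets leaving from a local port 25 (which INPUT never accepts anyway); if the intent is to stop the host from sending mail, the rule wanted is `tcp dport 25 drop`. With `#flush ruleset` commented out, re-running `nft -f` on this file appends a second copy of every rule to the existing tables instead of replacing them, so either uncomment it or delete the two tables before loading (with the caveat that a full `flush ruleset` also removes tables owned by other tools). The loopback accepts `ip saddr 127.0.0.0/8 accept` and `ip6 saddr ::1/128 accept` are better written as `iif lo accept`, keying on the interface rather than a spoofable source address, and the same spoofing caveat applies to the blanket `ip6 saddr 2001:470:c844::/48 accept`, which admits any port from that /48 on a source-address match alone. Finally, `meta l4proto ipv6-icmp accept` inside `table ip filter` is effectively dead in an IPv4 table and `meta l4proto udp udp dport 53 accept` duplicates the `udp dport 53 accept` two lines below it, so both can be removed.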