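#!/usr/sbin/nft -f
#
# Host firewall: default-drop inbound for IPv4 and IPv6 with an explicit
# allow-list of destination ports; outbound is open except for the SMTP rule
# noted in the OUTPUT chains.
#
# The shebang must stay alone on the first line. With the whole file on a
# single line, everything after the first '#' is parsed as a comment and no
# rule is loaded.
#
# NOTE(review): "flush ruleset" stays disabled, as in the original. Without it,
# loading this file a second time appends another copy of every rule to the
# existing chains. It removes every table on the host, not only the two defined
# here, so enable it only if nothing else manages nftables on this machine.
#flush ruleset

table ip filter {
	chain INPUT {
		type filter hook input priority 0; policy drop;

		# Replies to connections this host opened, and related traffic.
		ct state related,established accept

		# Loopback is matched by interface rather than by source address:
		# a 127.0.0.0/8 source is only a claim made by the packet, while
		# the input interface is set by the kernel.
		iif "lo" accept

		# All ICMP types are accepted. The original also carried a
		# "meta l4proto ipv6-icmp accept" rule here; ICMPv6 does not occur
		# in the ip family, so that rule is dropped.
		meta l4proto icmp accept

		# DNS (the original listed the UDP rule twice).
		udp dport 53 accept
		tcp dport 53 accept

		# NOTE(review): the services behind 6666/udp, 51280/udp and
		# 6073/tcp are not identifiable from this file - confirm each is
		# still needed and is meant to be reachable from any source.
		udp dport 6666 accept
		udp dport 51280 accept
		tcp dport 6073 accept

		tcp dport 443 accept
		tcp dport 80 accept

		# NOTE(review): SSH is open to every source address.
		tcp dport 22 accept
	}

	chain FORWARD {
		type filter hook forward priority 0; policy drop;
	}

	chain OUTPUT {
		type filter hook output priority 0; policy accept;

		# NOTE(review): this drops packets whose *source* port is 25, i.e.
		# replies sent by a local SMTP listener. If the intent is to block
		# outbound mail delivery, the match would be "tcp dport 25" -
		# confirm which is wanted before changing it.
		tcp sport 25 drop
	}
}

table ip6 filter {
	chain INPUT {
		type filter hook input priority 0; policy drop;

		ct state related,established accept

		# Same reasoning as the IPv4 table: trust the interface, not ::1.
		iif "lo" accept

		# ICMPv6 carries neighbour discovery and path-MTU signalling.
		meta l4proto ipv6-icmp accept

		udp dport 53 accept
		tcp dport 53 accept
		tcp dport 6073 accept
		tcp dport 443 accept
		tcp dport 80 accept
		tcp dport 22 accept

		# Every port is open to this prefix and the source address is the
		# only check. Presumably the operator's own /48 - confirm.
		ip6 saddr 2001:470:c844::/48 accept
	}

	chain FORWARD {
		# NOTE(review): IPv6 forwarding is policy accept while the IPv4
		# FORWARD chain is policy drop. If this host routes IPv6, every
		# forwarded packet passes unfiltered. Left as in the original
		# because routing for the /48 may depend on it; confirm it is
		# intentional.
		type filter hook forward priority 0; policy accept;
	}

	chain OUTPUT {
		type filter hook output priority 0; policy accept;

		# See the note on the IPv4 OUTPUT chain about sport versus dport.
		tcp sport 25 drop
	}
}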