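# Here is an example of different families, hooks and priorities in the
# nftables framework, all mixed together.
#
# more examples are located in files/examples in nftables source.
# For up-to-date information please visit https://wiki.nftables.org
#
# This script is meant to be loaded with `nft -f <file>`
#
# `nft -f` commits the whole file, included files too, as one transaction:
# if any include fails to parse, the previous ruleset stays in place.
# A dry run with `nft -c -f <file>` validates the file without applying it.

# clear all prior state
# This removes every table in every family, including tables installed by
# other software on the host. After this file loads, only the IPv4 and IPv6
# filter tables included below exist; the inet, netdev, arp and bridge
# families carry no rules.
flush ruleset

# Disabled for now - might be enabled at some future date
#
# # native dual stack IPv4 & IPv6 family
# include "./inet-filter.nft"
# include "./inet-nat.nft"

# Disabled for now - might be enabled at some future date
#
# # netdev family at ingress hook. Attached to a given NIC
# include "./netdev-ingress.nft"

# Some items disabled for now - might be enabled at some future date
#
# IPv4 family, typical iptables tables/chains layout
# The included file is read with the privileges of the nft process, so it
# should be owned by root and not writable by anyone else.
include "/etc/nftables-ipv4-filter.nft"
# NOTE: the disabled includes use "./" paths, which nft resolves against the
# directory it is run from; switch them to absolute paths (as above) before
# enabling them.
# include "./ipv4-mangle.nft"
# include "./ipv4-nat.nft"
# include "./ipv4-raw.nft"

# Some items disabled for now - might be enabled at some future date
#
# IPv6 family, typical ip6tables tables/chains layout
# Keep this file's policy in step with the IPv4 filter: the two families are
# filtered independently, so a rule present in only one leaves the other open.
include "/etc/nftables-ipv6-filter.nft"
# include "./ipv6-mangle.nft"
# include "./ipv6-nat.nft"
# include "./ipv6-raw.nft"

# Disabled for now - might be enabled at some future date
#
# # ARP family, typical arptables tables/chain layout
# include "./arp-filter.nft"

# Disabled for now - might be enabled at some future date
#
# # bridge family, typical ebtables tables/chain layout
# include "./bridge-filter.nft"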