#!/usr/bin/nft -f
# vim:set ts=2 sw=2 et:

destroy table inet filter;
table inet filter {
  chain input {
    type filter hook input priority filter; policy drop;

    #tcp dport 32768-65535 counter meta nftrace set 1 accept comment "WoW VoiceError:17"

    ct state invalid                counter drop
    ct state {established, related} counter accept

    iif "lo"                  counter accept
    ip protocol {icmp,icmpv6} counter accept

    iifname "waydroid0" meta l4proto {tcp, udp} th dport {53, 67} counter accept

    counter meta nftrace set 1 comment "dropped"
  }

  chain forward {
    type filter hook forward priority filter; policy drop;

    iifname "waydroid0" counter accept
    oifname "waydroid0" counter accept

    counter meta nftrace set 1 comment "dropped"
  }

  chain output {
    type filter hook output priority filter; policy accept;

    counter comment "accepted"
  }
}