#!/usr/sbin/nft -fflush rulesettable inet filter { chain input {

1. #!/usr/sbin/nft -f
2. flush ruleset
3. table inet filter {
4.     chain input {
5.         type filter hook input priority 0; policy drop;
6.         iifname lo accept
7.         ct state { related,established } accept
8.         ct state invalid counter drop
9.         tcp flags & (fin|syn|rst|ack) != syn ct state new counter drop
10.         ct state new tcp dport {ssh, http, https, 8388} counter accept #Разрешаешь TCP порты
11.         ct state new tcp dport {8388} counter accept #Разрешашь UDP порты
12.     }
13.     chain forward {
14.         type filter hook forward priority 0;
15.     }
16.     chain output {
17.         type filter hook output priority 0;
18.     }
19. }