#!/usr/sbin/nft -f

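# Start from an empty ruleset so that this file describes the complete state.
# NOTE(review): this also deletes tables installed by any other tool on the
# host that manages its own nftables / iptables-nft rules. Confirm nothing
# else depends on them, or reload those rules after applying this file.
flush ruleset

table inet filter {
    # Traffic addressed to the host itself. There are no rules and the policy
    # is accept (the nft default, spelled out here), so nothing is filtered.
    # NOTE(review): host services are reachable on every interface. Tighten
    # this chain separately if that is not intended.
    chain input {
        type filter hook input priority 0; policy accept;
    }

    # Routed traffic. Only TCP/80 towards 172.17.0.0/30 may open a new TCP or
    # UDP flow; all other TCP/UDP is rejected.
    chain forward {
        type filter hook forward priority 0; policy accept;

        # Let packets of already-accepted flows through in both directions.
        # Without this, replies from the :80 listeners (destination = the
        # client's ephemeral port, not 80) hit the TCP reject below and the
        # handshake never completes. Only flows whose first packet was
        # accepted by this chain can reach the established state, so this
        # opens no new ports. ICMP errors already pass via the final accept,
        # so "related" is left out.
        ct state established accept

        # New connections: HTTP to 172.17.0.0 - 172.17.0.3 (IPv4 only).
        ip daddr 172.17.0.0/30 tcp dport 80 accept

        # Every other TCP/UDP packet is refused with an ICMP error instead of
        # being silently dropped. The table family is inet, so these two
        # rules also cover forwarded IPv6.
        tcp dport 0-65535 reject
        udp dport 0-65535 reject

        # Whatever is neither TCP nor UDP (e.g. ICMP) is forwarded. This
        # matches the chain policy and is kept explicit.
        accept
    }

    # Traffic originated by the host. No rules, policy accept: unfiltered.
    chain output {
        type filter hook output priority 0; policy accept;
    }
}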