# {{ ansible_managed }} {{ ansible_date_time.time }} {{ ansible_date_time.date }}
#
# vim:set ts=2 sw=2 et:

flush ruleset

table inet filter {
	chain input {
		type filter hook input priority 0; policy drop;

		# accept any localhost traffic
		iif lo accept

		# accept traffic originated from us
		ct state { established, related } accept

		tcp dport { 22, 80, 443 } accept
	}
}