From a8a3ce6b575f8de21d2b325fbcb93e29ea51235a Mon Sep 17 00:00:00 2001
From: Antonio Ospite
Date: Thu, 26 Apr 2018 15:00:09 +0200
Subject: [PATCH] nftables-workstation.nft: set default policy to drop

---
 nftables-workstation.nft | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/nftables-workstation.nft b/nftables-workstation.nft
index 7261291..ecfb200 100644
--- a/nftables-workstation.nft
+++ b/nftables-workstation.nft
@@ -40,6 +40,7 @@ table inet filter {
 chain input {
 type filter hook input priority 0
+ policy drop
 ct state established,related accept
 ct state invalid drop
@@ -124,12 +125,16 @@ table inet filter {
 chain forward {
 type filter hook forward priority 0
+ policy drop
+
 limit rate 3/minute burst 10 packets log prefix "[FORWARD]: " counter reject
 }
 chain output {
 type filter hook output priority 0
+ policy drop
+
 counter accept
 }
 }
-- 
2.1.4
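Review bot: With the input chain now defaulting to drop, the rules visible in this hunk only admit established/related traffic, so every conntrack-`new` flow the workstation depends on must be accepted explicitly further down or it is silently dropped; the rest of the input chain is outside this hunk, so check that it still has `iif lo accept` and, since the table is `inet`, accepts the ICMPv6 neighbour-discovery types that IPv6 needs to work at all (e.g. `icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept`). Neighbour discovery and router advertisements are not `related` to any existing flow, so they are the classic casualty of switching a base chain to `policy drop`. Both the new policy and the existing `ct state invalid drop` discard packets without feedback; if that is intended, a comment on the new line such as `# default deny: anything not accepted by a rule below is dropped silently` makes the contract explicit for the next editor.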
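Review bot: In the forward chain the policy change does more than tighten a default: the chain's only rule is `limit rate 3/minute burst 10 packets log prefix "[FORWARD]: " counter reject`, so packets above the rate limit fall through that rule and, before this patch, were let through by nft's implicit accept policy; they are now dropped, which closes a real hole, but they are dropped silently and uncounted while the first ones in each window are rejected with an ICMP error. If that asymmetry is not intended, an unconditional `counter drop` (or `counter reject`) as the last rule keeps the behaviour uniform and leaves `policy drop` as a pure safety net. In the output chain the new `policy drop` is unreachable as long as the unconditional `counter accept` remains, so a comment such as `# safety net only: the accept rule below matches every packet` would record why it is there. Both chains are fully visible in this hunk, though the rest of the table is not.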