table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # 1. Autoriser le trafic interne (loopback)
        iif "lo" accept

        # 2. Autoriser les connexions déjà établies (réponses au trafic sortant)
        ct state established,related accept

        # 3. Autoriser le SSH (Port 22)
        tcp dport 22 accept

        # 4. Autoriser le Ping 
        icmp type echo-request accept
        icmpv6 type echo-request accept

       
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}