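# Host firewall: default-deny inbound and forwarded traffic, allow all outbound.
# One statement per line: in nft syntax a '#' comment runs to the end of the
# line, so the inline comments below must not share a line with later rules.

# Drops every existing table, including any installed by other tools on the host.
flush ruleset

table inet firewall {
    chain input {
        type filter hook input priority 0; policy drop;

        iifname "lo" accept

        # NOTE(review): accepts all traffic arriving on eth0, unconditionally.
        # Rules are evaluated in order, so nothing below (invalid-state drop,
        # rate limits, management source restriction) applies to eth0.
        # Confirm eth0 is a trusted segment and not the exposed interface.
        iifname "eth0" accept

        ct state invalid drop

        # Packets above the rate do not match here and fall through to the
        # rules below; they are only dropped if nothing later accepts them.
        icmp type { echo-request, time-exceeded } limit rate 50/second accept
        icmpv6 type { echo-request, nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } limit rate 50/second accept

        # NOTE(review): no source or address-family match, so in this inet
        # table UDP/546 is open to any IPv4 or IPv6 sender. DHCPv6 replies
        # normally come from link-local addresses; consider adding
        # `ip6 saddr fe80::/10` after confirming against the deployment.
        udp dport { 546 } accept  # IPv6 DHCP

        # Management ports are reachable only from 198.51.100.0/25 (IPv4).
        # Because of `ip saddr`, this rule never matches IPv6 sources.
        tcp dport { 22,10050 } ip saddr { 198.51.100.0/25 } accept  # management

        # Return traffic for connections the host initiated (output is open).
        ct state { established, related } accept
    }

    chain forward {
        # No rules: the host does not route between interfaces.
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        # No egress filtering: every locally generated packet is allowed.
        type filter hook output priority 0; policy accept;
    }
}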