1 files changed, 56 insertions, 0 deletions

diff --git a/debian/examples/overview.nft b/debian/examples/overview.nft
new file mode 100755
index 0000000..98079db
--- /dev/null
+++ b/debian/examples/overview.nft
@@ -0,0 +1,56 @@
+#!/usr/sbin/nft -f
+
+table inet overview_test_table {
+	chain overview_test_chain {
+		#
+		# simple selectors
+		#
+
+		# source & destination address
+		ip saddr 1.1.1.1 ip daddr 2.2.2.2
+
+		# tcp or udp ports
+		tcp dport 123
+		udp sport 123
+
+		# using sets
+		ip saddr {1.1.1.1, 2.2.2.2} ip daddr {3.3.3.3, 4.4.4.4} tcp dport {22, 80, 443}
+
+		# packets meta information: nic names
+		iifname eth0 oifname eth1
+
+		# packets meta information: nic index
+		iif bond0 oif bond1
+
+		# conntrack engine states
+		ct state new,established
+		ct state invalid
+		ct state established,related
+
+		#
+		# simple verdicts (iptables targets)
+		#
+
+		# counter and drop all traffic
+		counter drop
+
+		# accept all traffic
+		accept
+
+		#
+		# rejecting traffic (more info at http://wiki.nftables.org/)
+		#
+
+		# counter and reject all traffic
+		counter reject
+
+		# reject with a concrete ICMP code
+		reject with icmp type host-unreachable
+
+		# reject with a concrete ICMPv6 code
+		reject with icmpv6 type no-route
+
+		# multi-family reject, using the icmpx keyword
+		reject with icmpx type admin-prohibited
+	}
+}