My personal NFTables setup, USAGE: nft -f nfttables.rules

nfttables.rules

#IPv4 filtering
# input
delete rule filter input
add rule filter input ct state established accept
add rule filter input ct state related accept
add rule filter input meta iif lo accept
add rule filter input tcp dport ssh counter packets 0 bytes 0 accept
add rule filter input tcp dport https counter packets 0 bytes 0 accept
add rule filter input tcp dport https counter packets 0 bytes 0 accept
add rule filter input counter packets 5 bytes 5 log drop

# forwarding
delete rule filter forward

# output
delete rule filter output
add rule filter output ct state established accept
add rule filter output ct state related accept
add rule filter output meta oif lo accept
add rule filter output ct state new counter packets 0 bytes 0 accept

#IPv6 filtering
# input
delete rule ip6 filter input
add rule ip6 filter input ct state established accept
add rule ip6 filter input ct state related accept
add rule ip6 filter input meta iif lo accept
add rule ip6 filter input tcp dport ssh counter packets 0 bytes 0 accept
add rule ip6 filter input tcp dport http counter packets 0 bytes 0 accept
add rule ip6 filter input tcp dport https counter packets 0 bytes 0 accept
add rule ip6 filter input icmpv6 type { nd-neighbor-solicit, echo-request, nd-router-advert, nd-neighbor-advert } accept
add rule ip6 filter input counter packets 5 bytes 5 log drop

# forwarding
delete rule ip6 filter forward

# output
delete rule ip6 filter output
add rule ip6 filter output  ct state established accept
add rule ip6 filter output  ct state related accept
add rule ip6 filter output  meta oif lo accept
add rule ip6 filter output  ct state new counter packets 0 bytes 0 accept