define netif = enp0s3
define dmzif = enp0s8
define lanif = enp0s9


table ip ipfilter {

	chain prerouting {
		type filter hook prerouting priority filter; policy drop;
		tcp dport 22 accept
	}

	chain routing {
		type filter hook forward priority filter; policy drop;
		icmp type echo-request iif { $netif, $dmzif } drop
		icmp type { echo-reply, echo-request } accept
	}

	chain system_in {
		type filter hook input priority filter; policy drop;
		icmp type echo-request iif { $netif, $dmzif } drop
		tcp dport 22 accept
	}

	chain system_out {
		type filter hook output priority filter; policy drop;
		tcp sport 22 accept
	}

	chain postrouting {
		type filter hook postrouting priority filter; policy drop;
		tcp sport 22 accept
	}
}