#! /sbin/nft -f

# Table "inet firewall": the DMZ address range, four (IPv4 address . port)
# allow-list sets, and two regular chains for traffic to and from the DMZ.
# Neither chain declares a "type ... hook ..." line, so they only see packets
# when another chain jumps or gotos to them; no such base chain is defined in
# this file.
table inet firewall {
    # DMZ definition
    # Interval set holding the DMZ prefix. Nothing in this file references it;
    # presumably the calling chains match on it -- confirm.
    set z_dmz {
        type ipv4_addr
        flags interval
        elements = {193.48.225.224/27}
    }

    # Allow-lists keyed on (IPv4 address . TCP/UDP port), one per protocol and
    # direction. All four are declared without elements here, and only the
    # commented-out rules below reference them.
    # NOTE(review): if they are meant to be filled at runtime or from another
    # file, document where; otherwise they are empty.
    set dmz_allowed_tcp_in {
        type ipv4_addr . inet_service
    }
    set dmz_allowed_tcp_out {
        type ipv4_addr . inet_service
    }
    set dmz_allowed_udp_in {
        type ipv4_addr . inet_service
    }
    set dmz_allowed_udp_out {
        type ipv4_addr . inet_service
    }

    # Traffic towards the DMZ.
    # NOTE(review): both allow-list rules are commented out and the chain ends
    # in an unconditional accept, so every packet sent to this chain is
    # accepted, whatever its destination address or port. accept is a terminal
    # verdict: rules placed after the jump in the calling chain are not
    # evaluated for that packet. If the allow-list rules are re-enabled, the
    # trailing accept must go (or be replaced by an explicit drop) for them to
    # restrict anything.
    chain to_dmz {
        #ip daddr . tcp dport @dmz_allowed_tcp_in accept
        #ip daddr . udp dport @dmz_allowed_udp_in accept
        accept
    }

    # Traffic coming from the DMZ.
    # NOTE(review): with both rules commented out this chain has no active
    # rule, so packets fall off the end and return to the calling chain
    # unfiltered. The disabled rules match on "ip saddr", i.e. IPv4 only, and
    # on TCP/UDP only; in this inet table, IPv6 and other protocols would not
    # be dropped by them. Re-enabling them while the *_out sets are empty would
    # drop all IPv4 TCP and UDP traffic reaching this chain.
    chain from_dmz {
        #ip saddr . tcp dport != @dmz_allowed_tcp_out drop
        #ip saddr . udp dport != @dmz_allowed_udp_out drop
    }
}