I've got a VM at a hosting service and installed a basic firewall with nftables.
However, when it is active, all outbound traffic seems to get blocked. For example, when trying to ping google.com, I get a "No route to host" error. This occurs for any host I try to ping.
Here's my (really basic) config:
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        # allow connection from loopback
        iifname lo accept;
        # established/related connections
        ct state {established, related} accept;
        # drop invalid connections
        ct state invalid drop;
        # allow ping
        ip protocol icmp icmp type echo-request accept;
        icmpv6 type echo-request accept;
        # allow ssh connection on port 22
        tcp dport 22 accept;
        log flags all;
    }
    chain forward {
        type filter hook forward priority 0;
    }
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
I just cannot figure out where my problem lies.
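As an added example (not part of the original post), the following script tallies the kernel log lines written by the `log flags all` rule at the end of the input chain above; every packet that reaches that rule is one that is about to fall through to `policy drop`, so the tally shows which incoming traffic the ruleset is actually discarding. The log lines are constructed samples in the kernel's nf_log field format, and the name tables for ICMPv6 types and DHCP client ports are this example's own choice of control traffic to check first.

```python
import re
from collections import Counter

# Constructed sample of kernel log lines in the format the `log` rule at the end of
# the input chain writes (every line is a packet that fell through to policy drop).
SAMPLE_LOG = """\
kernel: IN=eth0 OUT= MAC=... SRC=fe80::1 DST=ff02::1 LEN=64 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=134 CODE=0
kernel: IN=eth0 OUT= MAC=... SRC=fe80::1 DST=fe80::5054:ff:fe12:3456 LEN=72 TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=ICMPv6 TYPE=135 CODE=0
kernel: IN=eth0 OUT= MAC=... SRC=203.0.113.1 DST=203.0.113.20 LEN=328 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=67 DPT=68 LEN=308
kernel: IN=eth0 OUT= MAC=... SRC=198.51.100.7 DST=203.0.113.20 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=54321 DF PROTO=TCP SPT=40000 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
"""

# Control traffic a host relies on to keep its addresses and routes (assumed set of
# things worth checking first): IPv6 neighbor/router discovery and DHCP replies.
ICMPV6_TYPES = {133: "router solicitation", 134: "router advertisement",
                135: "neighbor solicitation", 136: "neighbor advertisement"}
UDP_PORTS = {68: "DHCP client", 546: "DHCPv6 client"}

FIELD = re.compile(r"(\w+)=(\S*)")

def classify(line):
    """Return a short label for one logged packet, or None if the line is not a log entry."""
    fields = dict(FIELD.findall(line))
    proto = fields.get("PROTO")
    if proto is None:
        return None
    if proto in ("ICMP", "ICMPv6"):
        t = int(fields.get("TYPE", -1))
        name = ICMPV6_TYPES.get(t) if proto == "ICMPv6" else None
        return f"{proto} type {t}" + (f" ({name})" if name else "")
    if proto in ("UDP", "TCP"):
        dpt = int(fields.get("DPT", -1))
        name = UDP_PORTS.get(dpt) if proto == "UDP" else None
        return f"{proto} dport {dpt}" + (f" ({name})" if name else "")
    return proto

def summarize_dropped(log_text):
    """Count logged (and therefore dropped) packets per protocol, ICMP type or port."""
    counts = Counter()
    for line in log_text.splitlines():
        label = classify(line)
        if label:
            counts[label] += 1
    return counts

if __name__ == "__main__":
    for label, n in summarize_dropped(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {label}")
```

On the real VM, feed it the output of `journalctl -k` or `dmesg` instead of the constructed sample; the `MAC=` field from the log is kept but ignored by the classifier.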