Nftables good practices

Dears,

I am new to Dedicated Servers / VPS and I wish to do things the right way.
Googling around gave me the very basics of nftables (I am running Debian Buster), but I cannot find the typical rules that should always be applied.

Do you have any general advice that could/should be applied in all cases? The OVH documentation lacks such good practices and rules of thumb.

As a first guess, I would reject any incoming request, except on the ports I use (SSH, or web server).
Is this a good practice?

Here is a short illustration of what I would like to do. Feedback is welcome :slight_smile:

#!/usr/sbin/nft -f

flush ruleset

table inet filter {
    chain input {
        # Drop by default; the rules below list what is allowed in
        type filter hook input priority 0; policy drop;

        # Accept localhost traffic
        iif lo accept

        # Accept replies to connections this host opened, and related traffic
        # (accepting "new" here would let every incoming connection in and
        # make the port rules below pointless); drop malformed packets
        ct state { established, related } accept
        ct state invalid drop

        # Accept IPv6 neighbour discovery and ping
        # (match and verdict must stay on one line: a line break ends a rule)
        icmpv6 type { nd-neighbor-solicit, echo-request, nd-router-advert, nd-neighbor-advert } accept

        # Accept TCP traffic to the SSH port (XXXXX = the port in use)
        tcp dport XXXXX accept

        # Accept TCP traffic for SMTP
        #tcp dport 25 accept

        # Count and drop anything else
        counter drop
    }
    chain forward {
        type filter hook forward priority 0;
    }
    chain output {
        type filter hook output priority 0;
    }
}

Thank you for sharing your experience. This is highly valuable :slight_smile:
KR,
Seb
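As an added example (not part of Seb's post, and not an OVH or Debian tool), here is a small Python checker for the pitfalls that a ruleset like the one above can hide: a `ct state` rule that accepts `new` (which lets every incoming connection through before the port rules are reached), a match that got separated from its verdict by a line break (nft parses it as a rule that does nothing), and an `input`/`forward` base chain with neither `policy drop` nor a final drop. The two sample rulesets are constructed for this example, port 22 stands in for the XXXXX SSH port, and the script assumes the host does not route, so a forward chain that accepts by default is reported. It is a text-level lint, not a substitute for `nft -c -f file.nft`, which checks syntax but would happily load a ruleset that accepts everything.

```python
"""Lint an nftables ruleset for the pitfalls discussed in the post above.

Added example, not code from the original post or from OVH/Debian.
"""
import re
from typing import Dict, List, Tuple

VERDICTS = {"accept", "drop", "reject", "return", "jump", "goto", "continue"}
CHAIN_RE = re.compile(r"^\s*chain\s+(\S+)\s*\{")
HOOK_RE = re.compile(r"\bhook\s+(\w+)")

# Constructed sample: the shape of the ruleset from the post, with the two
# problems left in (an accept of state "new", and a match split from its
# verdict by a line break). Port 22 stands in for the real SSH port.
BAD_RULESET = """\
#!/usr/sbin/nft -f
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0;
        iif lo accept
        ct state { new, established, related, untracked } accept
        ip6 nexthdr icmpv6
        icmpv6 type { echo-request, nd-neighbor-solicit } accept
        tcp dport 22 accept
        counter drop
    }
    chain forward {
        type filter hook forward priority 0;
    }
}
"""

# Constructed sample: the same ruleset with the problems fixed.
GOOD_RULESET = """\
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state { established, related } accept
        ct state invalid drop
        icmpv6 type { echo-request, nd-neighbor-solicit } accept
        tcp dport 22 accept
        counter drop
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
    }
}
"""

Finding = Tuple[str, str, str]  # (chain name, finding code, detail)


def _tokens(stmt: str) -> List[str]:
    # Split on whitespace, commas and set braces so "{ new, established }"
    # yields the element names as separate tokens.
    return [t for t in re.split(r"[\s,{}]+", stmt) if t]


def _is_unconditional_drop(rule: str) -> bool:
    # "counter drop", "log drop" or a bare "drop"/"reject" as the last rule
    # acts as a default policy for everything not accepted earlier.
    return set(_tokens(rule)) - {"counter", "log"} in ({"drop"}, {"reject"})


def lint(ruleset: str) -> List[Finding]:
    chains: Dict[str, dict] = {}
    chain = None
    depth = chain_depth = 0
    for raw in ruleset.splitlines():
        line = raw.split("#", 1)[0].strip()  # drops comments and the shebang
        if not line:
            continue
        m = CHAIN_RE.match(line)
        if m:
            chain = m.group(1)
            chains[chain] = {"hook": None, "policy": None, "rules": []}
            depth += 1
            chain_depth = depth
            continue
        depth += line.count("{") - line.count("}")
        if chain is not None and depth < chain_depth:
            chain = None  # closing brace of the current chain
            continue
        if chain is None:
            continue
        for stmt in filter(None, (s.strip() for s in line.split(";"))):
            if stmt.startswith("type "):
                hook = HOOK_RE.search(stmt)
                chains[chain]["hook"] = hook.group(1) if hook else None
            elif stmt.startswith("policy "):
                chains[chain]["policy"] = _tokens(stmt)[1]
            else:
                chains[chain]["rules"].append(stmt)

    findings: List[Finding] = []
    for name, info in chains.items():
        for rule in info["rules"]:
            toks = _tokens(rule)
            if not VERDICTS & set(toks):
                findings.append((name, "no-verdict",
                    f"'{rule}' matches packets but does nothing; a line break "
                    "probably separated it from its verdict"))
            elif toks[:2] == ["ct", "state"] and "new" in toks and "accept" in toks:
                findings.append((name, "accept-new",
                    "accepting ct state 'new' lets every new connection in, "
                    "so the port rules and the final drop never apply"))
        if (info["hook"] in ("input", "forward") and info["policy"] != "drop"
                and not (info["rules"] and _is_unconditional_drop(info["rules"][-1]))):
            findings.append((name, "no-default-drop",
                f"{info['hook']} chain accepts by default: add 'policy drop;' "
                "or end the chain with a drop/reject rule"))
    return findings


if __name__ == "__main__":
    for chain_name, code, detail in lint(BAD_RULESET):
        print(f"{chain_name}: [{code}] {detail}")
```

Run it on your own file with `python3 nftlint.py` after pointing `lint()` at its contents; on the constructed bad sample it reports the `new` accept and the verdict-less `ip6 nexthdr icmpv6` line in `input` and the accept-by-default `forward` chain, and nothing on the fixed sample. Keep `nft -c -f` in the loop as well: this script knows nothing about nft syntax errors.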