cp over all the bundles from kunsis bw repo

bundles/nftables/files/nftables.conf

@@ -0,0 +1,47 @@
+#!/usr/sbin/nft -f
+
+flush ruleset
+
+table inet filter {
+    chain input {
+        type filter hook input priority 0
+        policy drop
+
+        tcp flags syn tcp option maxseg size 1-500 drop
+
+        ct state { established, related } accept
+        ct state invalid drop
+
+        iif lo accept
+
+        icmp type timestamp-request drop
+        icmp type timestamp-reply drop
+        ip protocol icmp accept
+
+        ip6 nexthdr ipv6-icmp accept
+    }
+
+    chain output {
+        type filter hook output priority 0
+        policy accept
+    }
+
+    chain forward {
+        type filter hook forward priority 0
+        policy drop
+
+        icmp type timestamp-request drop
+        icmp type timestamp-reply drop
+    }
+}
+
+table nat {
+    chain prerouting {
+        type nat hook prerouting priority -100
+    }
+    chain postrouting {
+        type nat hook postrouting priority 100
+    }
+}
+
+include "/etc/nftables-rules.d/*-*"

bundles/nftables/files/override.conf

@@ -0,0 +1,10 @@
+[Service]
+RemainAfterExit=yes
+
+ExecStart=
+ExecStart=/usr/sbin/nft -f /etc/nftables.conf
+ExecStart=/usr/local/sbin/apply-sysctl
+
+ExecReload=
+ExecReload=/usr/sbin/nft -f /etc/nftables.conf
+ExecReload=/usr/local/sbin/apply-sysctl

bundles/nftables/files/rules-template

@@ -0,0 +1,3 @@
+% for rule in rules:
+add rule ${rule}
+% endfor