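# nftables ruleset: host firewall (my_input/my_output) plus forwarding with
# flowtable offload (my_forward). Loadable with `nft -f <file>`; one rule per
# line, because nft needs a newline or ';' between rules and the collapsed
# one-line listing this was recovered from does not parse.
table inet my_table {
	# Software flowtable over the VLAN bonds and the PPP uplink. It is only
	# populated by the `flow add @f` rules in my_forward; offloaded flows
	# bypass the forward chain for their later packets.
	flowtable f {
		hook ingress priority filter
		devices = { bond0.10, bond0.20, bond0.30, bond0.40, ppp0 }
	}

	chain my_input {
		type filter hook input priority filter; policy drop;

		iif "lo" accept comment "Accept any localhost traffic"
		ct state invalid drop comment "Drop invalid connections"

		# One limit object per address family on purpose: merging the two
		# rules into one would make v4 and v6 pings share a single bucket.
		icmp type echo-request limit rate over 10/second burst 4 packets drop comment "No ping floods"
		icmpv6 type echo-request limit rate over 10/second burst 4 packets drop comment "No ping floods"

		ct state established,related accept comment "Accept traffic originated from us"

		# NOTE(review): nd-router-advert is accepted on every interface,
		# ppp0 included; if this host honours router advertisements,
		# consider restricting that type to the interface expected to send
		# them — confirm against the intended policy.
		icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, mld-listener-query, mld-listener-report, mld-listener-done, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, ind-neighbor-solicit, ind-neighbor-advert, mld2-listener-report } accept comment "Accept ICMPv6"
		icmp type { destination-unreachable, echo-request, router-advertisement, router-solicitation, time-exceeded, parameter-problem } accept comment "Accept ICMP"
		ip protocol igmp accept comment "Accept IGMP"

		# Rate-limited logging of what the drop policy is about to discard
		# (no verdict here: the packet falls through to `policy drop`).
		# `meta l4proto` instead of `ip protocol` so IPv6 TCP/UDP drops are
		# logged as well, matching how my_forward matches the transport
		# protocol. The counter sits after the limit, so it counts logged
		# packets only. Counters start at zero: the packet/byte values in the
		# original listing were a runtime snapshot, and loading them back
		# would seed the counters with stale numbers.
		meta l4proto tcp limit rate 10/minute burst 5 packets counter log prefix "tcp.in.dropped: "
		meta l4proto udp limit rate 10/minute burst 5 packets counter log prefix "udp.in.dropped: "
	}

	chain my_forward {
		type filter hook forward priority filter; policy drop;

		# Offload BEFORE the established accept. `flow add` is not a verdict
		# (evaluation continues with the next rule), and the kernel refuses
		# to offload a conntrack entry that is still new (for TCP it waits
		# for the handshake to complete; the exact UDP condition depends on
		# kernel version). In the original order these rules sat after
		# `ct state established,related accept`, so the only packets that
		# ever reached them were ones that could not be offloaded and the
		# flowtable stayed empty. Two rules rather than one set keep the
		# per-protocol counters.
		meta l4proto tcp ct state established counter flow add @f
		meta l4proto udp ct state established counter flow add @f
		ct state established,related accept comment "Accept traffic originated from us"

		# NOTE(review): no rule in this chain accepts `ct state new`, so a
		# new forwarded connection only reaches the rate-limited log rules
		# below and then the drop policy. If forwarding between the bonds
		# and ppp0 is intended, the accept rule(s) for new traffic belong
		# here, e.g. `iifname "<LAN_IFACE>" oifname "<WAN_IFACE>" ct state new accept`
		# (interface names are placeholders) — confirm against the intended
		# policy; it is also possible such a rule was lost when the listing
		# was collapsed onto one line.

		meta l4proto tcp limit rate 5/minute burst 5 packets counter log prefix "tcp.forward.dropped: "
		meta l4proto udp limit rate 5/minute burst 5 packets counter log prefix "udp.forward.dropped: "
	}

	chain my_output {
		type filter hook output priority filter; policy accept;
	}
}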