{
  "slug": "firewall-nft-input-policy",
  "title": "Show the nftables Input Chain",
  "fixture": "containers/firewall-exposure-lab",
  "command_count": 2,
  "container_tool": "docker",
  "image": "localhost/linuxoneliners-lab:latest",
  "exit_code": 0,
  "elapsed_ms": 192,
  "stdout": "::fixture-ready::\n$ nft list ruleset\ntable inet filter {\n  chain input {\n    type filter hook input priority 0; policy drop;\n    ct state established,related accept\n    iif \"lo\" accept\n    tcp dport 22 ip saddr 203.0.113.0/24 accept\n    tcp dport { 80, 443 } accept\n    tcp dport 25 accept\n    tcp dport 5432 drop\n  }\n}\n::exit-code::0\n$ nft list ruleset | sed -n '/chain input/,/}/p'\n  chain input {\n    type filter hook input priority 0; policy drop;\n    ct state established,related accept\n    iif \"lo\" accept\n    tcp dport 22 ip saddr 203.0.113.0/24 accept\n    tcp dport { 80, 443 } accept\n::exit-code::0\n",
  "stderr": "",
  "ok": true,
  "security": {
    "network": "none",
    "capabilities": "dropped",
    "no_new_privileges": true,
    "memory": "256m",
    "cpus": "1",
    "pids_limit": 128,
    "tmpfs": [
      "/tmp",
      "/var"
    ]
  }
}