nftables.conf

table inet filter {
	chain input {
		type filter hook input priority filter; policy drop;
		ct state { established, related } accept
		iif "lo" accept
		iifname "docker0" accept
		ct state invalid drop
		ip6 nexthdr ipv6-icmp icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, mld-listener-query, mld-listener-report, mld-listener-done, nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, ind-neighbor-solicit, ind-neighbor-advert, mld2-listener-report } accept
		ip protocol icmp icmp type { destination-unreachable, router-advertisement, router-solicitation, time-exceeded, parameter-problem } accept
		ip protocol igmp accept
		ip protocol udp ct state new jump UDP
		ip protocol tcp tcp flags & (fin | syn | rst | ack) == syn ct state new jump TCP
		ip protocol udp reject
		ip protocol tcp reject with tcp reset
		meta nfproto ipv4 counter packets 0 bytes 0 reject with icmp type prot-unreachable
	}

	chain forward {
		type filter hook forward priority filter; policy drop;
		iifname "docker0" oifname != "docker0" accept
		oifname "docker0" ct state { established, related } counter packets 0 bytes 0 accept
	}

	chain TCP {
		tcp dport 22 accept
		tcp dport 8080 accept
		tcp dport 1714-1764 accept
		tcp dport 22 accept
		tcp dport 8080 accept
		tcp dport 1714-1764 accept
	}

	chain UDP {
		udp dport 1714-1764 accept
		udp dport 5353 accept
		udp dport 1714-1764 accept
		udp dport 5353 accept
		udp dport 500
		udp dport 4500
	}

	chain output {
		type filter hook output priority filter; policy accept;
	}
}
table ip dockernat {
	chain docker {
		iifname "docker0" return
	}

	chain prerouting {
		type nat hook prerouting priority filter; policy accept;
		fib daddr type local jump docker
	}

	chain output {
		type nat hook output priority filter; policy accept;
		ip daddr != 127.0.0.0/8 fib daddr type local jump docker
	}

	chain postrouting {
		type nat hook postrouting priority srcnat; policy accept;
		oifname != "docker0" ip saddr 172.17.0.0/16 masquerade
	}
}