From e6d4769956875837a7af7e29b9f25312cec2aa3f Mon Sep 17 00:00:00 2001
From: Logan Fick
Date: Tue, 16 Dec 2025 09:20:07 -0500
Subject: [PATCH] Added rule for rejecting outbound HTTP/3 connections.
---
 etc/nftables.conf | 1 +
 1 file changed, 1 insertion(+)
diff --git a/etc/nftables.conf b/etc/nftables.conf
index 18ead68..a18e7dd 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -25,6 +25,7 @@ table inet filter {
 ct state invalid counter drop comment "drop invalid"
 meta l4proto { icmp, ipv6-icmp } counter accept comment "accept ICMP"
+ udp dport https ct state new counter reject comment "reject new HTTP/3 connections"
 ct state new counter accept comment "accept new outbound connections"
 counter comment "count any other dropped traffic"
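Review bot: The added `udp dport https ct state new counter reject` rule matches every new UDP flow to port 443, not only HTTP/3, so its comment understates what is refused: DTLS-based VPN traffic and any other UDP service on 443 are rejected as well. Coverage is also narrower than the comment suggests, because QUIC offered on a different port (via Alt-Svc or an HTTPS DNS record) still falls through to the `ct state new counter accept` rule below. If the goal is to force web traffic onto TCP where it can be inspected or proxied, state that in the rule, e.g. `comment "reject new UDP/443 (QUIC/HTTP/3) to force TCP fallback"`. The chain header and any established/related rule lie outside the hunk, so that this is the output chain is inferred from the commit subject and should be confirmed.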