diff --git a/docs/configurations/nftables.conf b/docs/configurations/nftables.conf
new file mode 100644
index 0000000..b3be724
--- /dev/null
+++ b/docs/configurations/nftables.conf
@@ -0,0 +1,103 @@
+#!/usr/sbin/nft -f
+
+define int_if1 = ens33
+
+flush ruleset
+
+table ip filter {
+	chain INPUT {
+		type filter hook input priority 0; policy drop;
+		iifname "lo" counter packets 0 bytes 0 accept
+		ip saddr 127.0.0.0/8 counter packets 0 bytes 0 drop
+		ip protocol tcp ct state established counter packets 0 bytes 0 accept
+		ip protocol udp ct state established counter packets 0 bytes 0 accept
+		ip protocol icmp ct state established counter packets 0 bytes 0 accept
+		ip protocol icmp ct state related counter packets 0 bytes 0 accept
+		limit rate 3/minute counter packets 0 bytes 0 log prefix "SFW2-IN-ILL-TARGET " flags tcp options flags ip options
+		iifname $int_if1 tcp flags & (fin | syn | rst | ack) != syn ct state new limit rate 5/minute burst 7 packets counter packets 0 bytes 0 log prefix "Drop Syn"
+		iifname $int_if1 tcp flags & (fin | syn | rst | ack) != syn ct state new counter packets 0 bytes 0 drop
+		iifname $int_if1 ip frag-off & 8191 != 0 limit rate 5/minute burst 7 packets counter packets 0 bytes 0 log prefix "Fragments Packets"
+		iifname $int_if1 ip frag-off & 8191 != 0 counter packets 0 bytes 0 drop
+		iifname $int_if1 tcp flags & (fin | syn | rst | psh | ack | urg) == fin | psh | urg counter packets 0 bytes 0 drop
+		iifname $int_if1 tcp flags & (fin | syn | rst | psh | ack | urg) == fin | syn | rst | psh | ack | urg counter packets 0 bytes 0 drop
+		iifname $int_if1 tcp flags & (fin | syn | rst | psh | ack | urg) == 0x0 limit rate 5/minute burst 7 packets counter packets 0 bytes 0 log prefix "NULL Packets"
+		iifname $int_if1 tcp flags & (fin | syn | rst | psh | ack | urg) == 0x0 counter packets 0 bytes 0 drop
+		iifname $int_if1 tcp flags & (syn | rst) == syn | rst counter packets 0 bytes 0 drop
+		iifname $int_if1 tcp flags & (fin | syn) == fin | syn limit rate 5/minute burst 7 packets counter packets 0 bytes 0 log prefix "XMAS Packets"
+		iifname $int_if1 tcp flags & (fin | syn) == fin | syn counter packets 0 bytes 0 drop
+		iifname $int_if1 tcp flags & (fin | ack) == fin limit rate 5/minute burst 7 packets counter packets 0 bytes 0 log prefix "Fin Packets Scan"
+		iifname $int_if1 tcp flags & (fin | ack) == fin counter packets 0 bytes 0 drop
+		iifname $int_if1 tcp flags & (fin | syn | rst | psh | ack | urg) == fin | syn | rst | ack | urg counter packets 0 bytes 0 drop
+		iifname $int_if1 tcp dport 137-139 counter packets 0 bytes 0 reject
+		iifname $int_if1 udp dport 137-139 counter packets 0 bytes 0 reject
+		icmp type source-quench counter packets 0 bytes 0 accept
+		tcp dport ssh ct state new counter packets 0 bytes 0 accept
+		udp dport ntp ct state new counter packets 0 bytes 0 accept
+		udp dport bootpc ct state new counter packets 0 bytes 0 accept
+		tcp dport http ct state new counter packets 0 bytes 0 accept
+		icmp type echo-request ct state established,related,new counter packets 0 bytes 0 accept
+		counter packets 0 bytes 0 log
+		counter packets 0 bytes 0 drop
+	}
+
+	chain FORWARD {
+		type filter hook forward priority 0; policy drop;
+		limit rate 3/minute counter packets 0 bytes 0 log prefix "SFW2-FWD-ILL-ROUTING " flags tcp options flags ip options
+		counter packets 0 bytes 0 log
+	}
+
+	chain OUTPUT {
+		type filter hook output priority 0; policy drop;
+		oifname "lo" counter packets 0 bytes 0 accept
+		ip protocol tcp ct state established,new counter packets 0 bytes 0 accept
+		ip protocol udp ct state established,new counter packets 0 bytes 0 accept
+		ip protocol icmp ct state established,new counter packets 0 bytes 0 accept
+		icmp type echo-request counter packets 0 bytes 0 accept
+		icmp type echo-reply ct state established,related counter packets 0 bytes 0 accept
+	}
+
+	chain LOGDROP {
+		counter packets 0 bytes 0 log
+		counter packets 0 bytes 0 drop
+	}
+}
+
+
+table ip nat {
+	chain PREROUTING {
+		type nat hook prerouting priority -100; policy accept;
+	}
+
+	chain INPUT {
+		type nat hook input priority 100; policy accept;
+	}
+
+	chain POSTROUTING {
+		type nat hook postrouting priority 100; policy accept;
+	}
+
+	chain OUTPUT {
+		type nat hook output priority -100; policy accept;
+	}
+}
+table ip mangle {
+	chain PREROUTING {
+		type filter hook prerouting priority -150; policy accept;
+	}
+
+	chain INPUT {
+		type filter hook input priority -150; policy accept;
+	}
+
+	chain FORWARD {
+		type filter hook forward priority -150; policy accept;
+	}
+
+	chain OUTPUT {
+		type route hook output priority -150; policy accept;
+	}
+
+	chain POSTROUTING {
+		type filter hook postrouting priority -150; policy accept;
+	}
+}