diff --git a/main/nnd-nft/APKBUILD b/main/nnd-nft/APKBUILD
index 33a28d3..3899b74 100644
--- a/main/nnd-nft/APKBUILD
+++ b/main/nnd-nft/APKBUILD
@@ -3,9 +3,14 @@
 . ../../APKBUILD.template
-pkgrel=0
+pkgrel=3
 pkgdesc="Basic generic nftables template"
 options="!check" # check requires root?
+subpackages=""
+
+for i in "$startdir"/nft/inet/nnd-base/*/*/*/*; do
+ subpackages="$subpackages $pkgname-$(echo "${i##*/nft/inet/nnd-base/}" | sed 's/\//-/g'):_mod"
+done
 check() {
 msg "Checking if commands are valid"
@@ -22,3 +27,8 @@ package() {
 mkdir -p "$pkgdir"/etc/nnd
 cp -r "$builddir"/nft "$pkgdir"/etc/nnd/nftables
 }
+
+_mod() {
+ local _modname="${subpkgname##$pkgname-}"
+ amove etc/nnd/nftables/inet/nnd-base/"$(echo $_modname | sed 's/-/\//g')"
+}
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/all b/main/nnd-nft/nft/inet/nnd-base/filter/input/all
new file mode 100644
index 0000000..179af05
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/all
@@ -0,0 +1,5 @@
+include "inet/nnd-base/filter/input/ct/*";
+include "inet/nnd-base/filter/input/icmp/*";
+include "inet/nnd-base/filter/input/iface/*";
+include "inet/nnd-base/filter/input/udp/*";
+include "inet/nnd-base/filter/input/tcp/*";
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/ct/established b/main/nnd-nft/nft/inet/nnd-base/filter/input/ct/established
new file mode 100644
index 0000000..c6583fa
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/ct/established
@@ -0,0 +1 @@
+ct state established accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/ct/invalid b/main/nnd-nft/nft/inet/nnd-base/filter/input/ct/invalid
new file mode 100644
index 0000000..9e3ce83
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/ct/invalid
@@ -0,0 +1 @@
+ct state invalid counter drop;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/ct/related b/main/nnd-nft/nft/inet/nnd-base/filter/input/ct/related
new file mode 100644
index 0000000..6ee0fb3
--- /dev/null
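Review bot: The `for` loop turns every four-deep rule file into its own subpackage, and that set includes `ct/established`, `ct/related`, `ct/invalid` and `iface/lo` — the baseline rules this commit removes from `table` — so a host with only the base package installed now ends `rxfilter` at the unconditional `counter reject` for loopback and reply traffic as well. If that is not the intent, either exclude those paths from the glob or have the base package `depends` on the corresponding subpackages. The loop also has no guard for a glob that matches nothing: `$i` would then be the literal pattern and `subpackages` would gain a name built from `*`; `[ -e "$i" ] || continue` as the first line of the loop body avoids that.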
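Review bot: `_mod` reverses the `/`-to-`-` mapping by turning every `-` in `$_modname` back into `/`, so the round trip is only correct while no directory or rule file under `nnd-base` has a hyphen in its name; a file such as `tcp/ssh-alt` (constructed example) would produce a subpackage whose `amove` path does not exist. The constraint is created by the loop earlier in this file, so it deserves a comment there, e.g. `# subpackage names are the rule path with "/" replaced by "-"; path components must not contain "-"`. Quoting the expansion, `"$(echo "$_modname" | sed 's/-/\//g')"`, also keeps the name intact if it ever contains whitespace or glob characters.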
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/ct/related
@@ -0,0 +1 @@
+ct state related accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/icmp/v4 b/main/nnd-nft/nft/inet/nnd-base/filter/input/icmp/v4
new file mode 100644
index 0000000..39ba00c
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/icmp/v4
@@ -0,0 +1 @@
+ip protocol icmp counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/icmp/v6 b/main/nnd-nft/nft/inet/nnd-base/filter/input/icmp/v6
new file mode 100644
index 0000000..72ed46d
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/icmp/v6
@@ -0,0 +1 @@
+ip6 nexthdr icmpv6 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/iface/lo b/main/nnd-nft/nft/inet/nnd-base/filter/input/iface/lo
new file mode 100644
index 0000000..a9bc872
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/iface/lo
@@ -0,0 +1 @@
+iifname lo accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/10809 b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/10809
new file mode 100644
index 0000000..d4479ef
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/10809
@@ -0,0 +1 @@
+tcp dport 10809 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/143 b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/143
new file mode 100644
index 0000000..8ef8b35
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/143
@@ -0,0 +1 @@
+tcp dport 143 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/22 b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/22
new file mode 100644
index 0000000..6003683
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/22
@@ -0,0 +1 @@
+tcp dport 22 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/25 b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/25
new file mode 100644
index 0000000..07d08bc
--- /dev/null
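Review bot: `ip6 nexthdr icmpv6` in the new `icmp/v6` file only matches when ICMPv6 is the header immediately following the fixed IPv6 header, so as far as I can tell an ICMPv6 packet carrying an extension header first (a fragment or hop-by-hop header, for instance) falls through to the chain's final `counter reject`. `meta l4proto ipv6-icmp counter accept;` matches on the transport protocol regardless of extension headers and is the usual form for this. The `icmp/v4` file is not affected, since `ip protocol` reads the IPv4 header's own protocol field.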
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/25
@@ -0,0 +1 @@
+tcp dport 25 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/443 b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/443
new file mode 100644
index 0000000..82800d2
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/443
@@ -0,0 +1 @@
+tcp dport 443 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/465 b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/465
new file mode 100644
index 0000000..9e7265c
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/465
@@ -0,0 +1 @@
+tcp dport 465 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/51413 b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/51413
new file mode 100644
index 0000000..d52339d
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/51413
@@ -0,0 +1 @@
+tcp dport 51413 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/53 b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/53
new file mode 100644
index 0000000..e9478dc
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/53
@@ -0,0 +1 @@
+tcp dport 53 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/587 b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/587
new file mode 100644
index 0000000..03def1c
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/587
@@ -0,0 +1 @@
+tcp dport 587 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/64738 b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/64738
new file mode 100644
index 0000000..6baeaaf
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/64738
@@ -0,0 +1 @@
+tcp dport 64738 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/7777 b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/7777
new file mode 100644
index 0000000..e9d5012
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/7777
@@ -0,0 +1 @@
+tcp dport 7777 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/80 b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/80
new file mode 100644
index 0000000..516ffff
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/80
@@ -0,0 +1 @@
+tcp dport 80 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/993 b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/993
new file mode 100644
index 0000000..c58d195
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/tcp/993
@@ -0,0 +1 @@
+tcp dport 993 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/udp/26000 b/main/nnd-nft/nft/inet/nnd-base/filter/input/udp/26000
new file mode 100644
index 0000000..d23bccc
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/udp/26000
@@ -0,0 +1 @@
+tcp dport 26000 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/udp/51413 b/main/nnd-nft/nft/inet/nnd-base/filter/input/udp/51413
new file mode 100644
index 0000000..d52339d
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/udp/51413
@@ -0,0 +1 @@
+tcp dport 51413 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/udp/51820 b/main/nnd-nft/nft/inet/nnd-base/filter/input/udp/51820
new file mode 100644
index 0000000..918ff27
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/udp/51820
@@ -0,0 +1 @@
+tcp dport 51820 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/udp/53 b/main/nnd-nft/nft/inet/nnd-base/filter/input/udp/53
new file mode 100644
index 0000000..e9478dc
--- /dev/null
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/udp/53
@@ -0,0 +1 @@
+tcp dport 53 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/filter/input/udp/64783 b/main/nnd-nft/nft/inet/nnd-base/filter/input/udp/64783
new file mode 100644
index 0000000..8f8a78e
--- /dev/null
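Review bot: Every new file under `filter/input/udp/` contains a `tcp dport … counter accept;` rule — `udp/26000`, `udp/51413`, `udp/51820`, `udp/53` here and `udp/64783` in the next hunk — and the blob ids of `udp/51413` and `udp/53` are identical to those of `tcp/51413` and `tcp/53`, so this looks like the tcp rules copied rather than UDP matches. The effect is inverted from the directory name: installing the `udp-51820` subpackage opens TCP 51820 while UDP 51820 (conventionally WireGuard) still falls through to the final `counter reject`, and likewise for DNS on `udp/53`. Each file should read `udp dport <port> counter accept;` with the port from its filename. A lightweight consistency check in `check()` that compares each rule's `tcp`/`udp` keyword against its parent directory would catch this on the next bump without needing root.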
+++ b/main/nnd-nft/nft/inet/nnd-base/filter/input/udp/64783
@@ -0,0 +1 @@
+tcp dport 64783 counter accept;
diff --git a/main/nnd-nft/nft/inet/nnd-base/table b/main/nnd-nft/nft/inet/nnd-base/table
index bfa4c79..c1594bb 100644
--- a/main/nnd-nft/nft/inet/nnd-base/table
+++ b/main/nnd-nft/nft/inet/nnd-base/table
@@ -1,17 +1,14 @@
 table inet nnd-base {
 chain rxfilter {
 type filter hook input priority 0;
- policy reject;
-
- ct state invalid counter drop;
- icmpx counter accept;
+ policy drop;
 include "inet/nnd-base/filter/input/*";
 counter reject with icmpx type admin-prohibited;
 }
 chain fwfilter {
 type filter hook forward priority 0;
- policy reject;
+ policy drop;
 include "inet/nnd-base/filter/forward/*";
 counter reject with icmpx type no-route;
 }