There is "iifname "wwan*" drop" defined in 01_wwan.nft, which drops
any not "established, related" incoming packet from WWAN.
[ci:skip-build]: already built successfully in CI
Installs nftables config useful for pmOS::
1) drop all connections to wwan* (wildcard matching supported, are there
any other wwan iface names that wouldn't match this?)
2) allow ssh, drop from wwan (kinda redundant w/ the first rule, but
doesn't hurt..), allow DHCP on usb*
3) allow all incoming connections on usb* (with the -openusb subpackage)
4) enable logging all nftable events (with the -log subpackage), very
useful for debugging
fixes#1024