(network) moved dnsmasq configuration to examples/network, added

`nftables.conf`

examples/network/nftables.conf

@@ -0,0 +1,40 @@
+#!/usr/sbin/nft -f
+
+# example configuration for a router
+
+define loop_interface = "lo"
+define wan_interface = "enp0s0"
+define lan_interface = "enp1s0"
+define local_network = 192.168.1.0/24
+
+flush ruleset
+
+table ip routing {
+    chain masquerading {
+        type nat hook postrouting priority 100; policy accept;
+        ip saddr { $local_network } ip daddr != { $local_network } oifname { $wan_interface } masquerade
+    }
+}
+
+table inet filter {
+    chain input {
+        type filter hook input priority 0; policy drop;
+        iif { $loop_interface } accept
+        iif { $lan_interface } accept
+        ct state { related, established } accept
+        ct state invalid drop
+        meta l4proto icmp accept
+        icmp type echo-request limit rate 5/second accept
+    }
+
+    chain output {
+        type filter hook output priority 0; policy accept;
+    }
+
+    chain forward {
+        type filter hook forward priority 0; policy drop;
+        ct state { related, established } accept
+        ct state invalid drop
+        iif { $lan_interface } accept
+    }
+}

network.md

@@ -91,11 +91,11 @@ table inet filter {
 
 ### starting the routing system
 
-Enable the services for `dnsmasq` and `nftables`.
+Enable the services for `dnsmasq`, `nftables` and the network manager of choice.
 On a system with `systemd` use:
 
 ```sh
-sudo systemd enable --now dnsmasq nftables
+sudo systemd enable --now dnsmasq nftables <network-manager-of-choice>
 ```
 
 Enable routing in the kernel, see [Enable routing](#enable-routing).