nftables is a project that provides packet filtering and packet classification in Linux, replacing the existing frameworks iptables, ip6tables, arptables and ebtables. It combines Linux kernel components with a command line utility (nft) in user space. Today this software lets us control all of this with better performance and a syntax better adapted to the times, and we can already find it in Debian 10.

nftables reuses classic parts of the Netfilter infrastructure, such as the connection tracking system, the user space packet dispatch subsystem (nf_queue) and the logging subsystem (nf_log), among others. There is also a translation and compatibility layer to make it easier to migrate existing iptables rules.

Nftables enhancements

nftables was created with several objectives, among them:

▸ Improve the syntax.

▸ Improve the mechanism for updating the rule set. In iptables this operation is very expensive (the whole ruleset is replaced) and does not scale well.

▸ Avoid duplication and inconsistency in the source code. Many iptables extensions were duplicated with minor changes in order to work with different network protocols.

▸ Improve support for sets and maps.

Of course it has many other advantages that you will discover as you become familiar with it, and some of them may impress you, but that can be judged little by little.
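As an added example (not from the original post), the following ruleset shows the improvements listed above in nft syntax: named sets and a verdict map referenced from single rules, and a file loaded with `nft -f` so that the whole replacement is one atomic transaction. The table name, the networks and the interface names (eth0, wg0) are assumptions chosen for illustration.

```nft
#!/usr/sbin/nft -f
# Added example, not part of the original post. Assumed: eth0 is the WAN
# interface and wg0 a VPN interface; adjust names and networks for your host.

# nft -f loads this whole file in a single transaction: the flush and the
# new definitions are applied together, so there is never a window with a
# partial ruleset. Caveat: flush ruleset removes every table, including
# those created by other tools on the host.
flush ruleset

table inet filter {
    # allowed TCP service ports: one rule references the set, and elements
    # can be added or removed at runtime without rewriting the rule
    set tcp_services {
        type inet_service
        elements = { 22, 80, 443 }
    }

    # management networks, stored as intervals (CIDR prefixes)
    set mgmt_nets {
        type ipv4_addr
        flags interval
        elements = { 10.0.0.0/8, 192.168.1.0/24 }
    }

    # verdict map: the input interface decides which chain handles a packet
    map iif_dispatch {
        type ifname : verdict
        elements = { "eth0" : jump from_wan, "wg0" : jump from_vpn }
    }

    chain from_wan {
        tcp dport @tcp_services accept
        drop
    }

    chain from_vpn {
        ip saddr @mgmt_nets accept
        drop
    }

    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif lo accept
        iifname vmap @iif_dispatch   # one lookup instead of a rule per interface
        log prefix "nft-input-drop: " counter   # unmatched traffic is logged, then dropped by policy
    }
}
```

Check the file without applying it with `nft -c -f <file>`, then load it with `nft -f <file>`; `nft list ruleset` shows the result.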
