I’ll pick nftables over iptables any day, it’s leagues better (granted, it’s not hard). The nftables wiki is great, as the syntax and modules are documented in a single easy to read page.

As an added bonus, you get atomic updates of all chains for free.

Granted, for simple usecases, ufw or firewalld may be simpler though.

▲

sgt 7 hours ago | parent [-]

Definitely an upgrade over iptables. I kinda miss ipchains though.

	▲	pak9rabid 5 hours ago \| parent [-]
		You can still use the iptables interface for nftables rules if you'd like, but I think you miss out on things like atomic application of rulesets, ranges, lists, and variables (not shell variables).