The primary reason I stick to iptables instead of nft is that I already learned iptables decades ago, and some software I interact with still defaults to iptables and/or does not have full support for nft.

Why do you doubt the sanity of people sticking to iptables? What makes nft compelling?

▲

hurricanepootis 2 hours ago | parent | next [-]

There is iptables-nft, which is iptables with an NFT backend.

▲

0xCMP 6 hours ago | parent | prev [-]

My main reason is that nft applies configs atomically. It also has very good tracing/debugging features for figuring out how and why things aren't working as expected.

That said, I think many distros are shipping `iptables` as the wrapper/compatibility layer over nft now anyways.

	▲	znpy 5 hours ago \| parent [-]
		as somebody that's not a network engineer by day and has barely grokked iptables, could you recommend some resources for learning nftables ?