Nftables Sitrep

October 20, 2021

In April I decided to switch the firewalls for my laptop and a couple of servers from iptables to nft and nftables.

After several months of use I can report that the experience has been positive.

Pros:

  • Simple declarative configuration file. No more hacky shell scripts.
  • Atomic (all or nothing) ruleset changes.
  • Faster ruleset changes.
  • Built-in JSON support.
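To make the first three points concrete, here is an added example ruleset file written for this post; it is not taken from the author's configuration or from the separate examples article. The interface-free inet table, the port numbers and the rate limit are assumptions chosen for illustration.

```nft
#!/usr/sbin/nft -f
# Added example, not the author's ruleset. Ports and limits are assumptions.

# Rebuilding the whole ruleset from one file is what makes the change
# atomic: `nft -f` commits everything below as a single transaction, so a
# parse error anywhere in the file leaves the running ruleset untouched.
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # Loopback and already-tracked flows first, then drop invalid state.
        iif lo accept
        ct state established,related accept
        ct state invalid drop

        # ICMP and ICMPv6 are needed for PMTU discovery and neighbour discovery.
        meta l4proto { icmp, ipv6-icmp } accept

        # New SSH connections are rate limited; web ports are open.
        tcp dport 22 ct state new limit rate 10/minute accept
        tcp dport { 80, 443 } accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}
```

`nft -c -f /etc/nftables.conf` parses and validates the file without loading it, which is the cheap way to catch the parser complaints mentioned below before touching a live firewall; `nft -f /etc/nftables.conf` then applies it atomically, and `nft -j list ruleset` prints the active ruleset as JSON for tooling to consume.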

Cons:

  • Occasionally finicky parser.
  • Remapping IP ranges can be more verbose than iptables.

The details are a bit long for a blog post (even for me!), so they are available as a separate “Nftables Examples” article instead.