What is nftables in Linux? How is it different from iptables?

  Almost every Linux administrator is familiar with iptables, the classic firewall front end for Linux. Fewer are familiar with nftables, its newer replacement, which brings several needed upgrades and is gradually replacing iptables. Here are the details:

  Why use nftables?

  nftables was developed by the Netfilter project, which also maintains iptables. It was created to address performance and scaling problems in iptables.

  Apart from a new syntax and some upgrades, nftables does much the same job as iptables. Another reason for introducing it is that the iptables framework had become fragmented: iptables, ip6tables, arptables and ebtables are separate tools with similar but not identical functions.

  For example, creating IPv4 rules with iptables and the matching IPv6 rules with ip6tables, then keeping the two rule sets in sync, is inefficient and error-prone. nftables aims to replace all of these tools with one unified framework: a single nft tool and a single ruleset.

  Although nftables has been in the Linux kernel since 2014 (kernel 3.13), it has only recently gained wide adoption. Changes come slowly in the Linux world, and it often takes years for an outdated utility to be phased out in favor of its replacement.

  Chains and rules in nftables

  In iptables, the default filter table has three built-in chains: INPUT, OUTPUT and FORWARD. These chains (and any user-defined ones) contain rules, and iptables works by matching network traffic against the rules in a chain, in order. If a packet matches none of the rules, the chain's default policy (e.g. ACCEPT or DROP) is applied to it.

  nftables works similarly: it also has chains and rules. However, nftables starts with no tables or chains at all; you create only the ones you need, and a base chain is attached to a specific netfilter hook when you define it. This makes configuration more flexible.

  One source of iptables' inefficiency is that every packet must traverse the built-in chains whether or not any rule matches it: once a table is loaded, its built-in chains are registered at their netfilter hooks, so iptables evaluates traffic against them even when they are empty. In nftables, a hook is only registered when you create a base chain for it, so traffic for which you have configured no chain is not examined at all.
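The points above (one inet table covering IPv4 and IPv6 together, base chains that register a netfilter hook only when you define them, and a chain policy that catches whatever no rule matched) can be seen in a small nftables ruleset. The following is an added example, not code from the original article: a shell script that emits a minimal host-firewall ruleset in nft's native syntax so it can be reviewed, syntax-checked and applied. The table and chain names, the choice of port 22 as the only open service, and the drop-by-default policy are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Emits a minimal nftables
# ruleset; table/chain names and the open port are assumptions.

ruleset() {
  cat <<'EOF'
flush ruleset

# One "inet" table handles IPv4 and IPv6 together; with iptables this
# would need both iptables and ip6tables rule sets kept in sync.
table inet filter {
    # A base chain: the "type ... hook ..." line attaches it to the
    # netfilter input hook. nftables registers nothing at this hook
    # until such a chain exists, unlike the always-present INPUT chain
    # of iptables' filter table.
    chain input {
        type filter hook input priority 0; policy drop;

        ct state established,related accept   # replies to our own traffic
        iif "lo" accept                         # loopback
        ct state invalid drop
        ip protocol icmp accept                 # IPv4 ping and errors
        ip6 nexthdr icmpv6 accept               # IPv6 needs ICMPv6 (ND)
        tcp dport 22 accept                     # SSH (assumed admin port)
        # anything else falls through to the chain policy above: drop
    }

    # Not a router: drop forwarded traffic by default.
    chain forward {
        type filter hook forward priority 0; policy drop;
    }

    # Outbound traffic is allowed by default.
    chain output {
        type filter hook output priority 0; policy accept;
    }
}
EOF
}

# Parse and validate the ruleset without changing the kernel state.
# Requires the nft binary; skipped when it is not installed.
check_ruleset() {
  if command -v nft >/dev/null 2>&1; then
    ruleset | nft -c -f -
  else
    echo "nft not installed; skipping check" >&2
  fi
}

# Load the ruleset for real (must run as root): apply_ruleset
apply_ruleset() {
  ruleset | nft -f -
}

# When run directly, print the ruleset for review.
ruleset
```

The `flush ruleset` line makes the file idempotent: applying it twice yields the same state instead of duplicated rules. Note that `policy drop` on the input chain means any service not explicitly accepted becomes unreachable, so review the accept lines before running `apply_ruleset` on a remote host.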

Origin blog.csdn.net/oldboyedu1/article/details/132299338