What's better about Nftables than iptables?

What’s better about Nftables than iptables? Why did they start using it in 4.2?


I was also curious, so went digging:

Red Hat article that the nftables project links to, containing several reasons.

Qubes ticket for the change, with summary reasons.

Firewall documentation, which was updated as part of the change.


Also, and this is important, both Fedora and Debian have migrated to
nftables - in Debian, some years back.
nftables is just better ™

I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
