nf_tables is the new firewalling infrastructure in the Linux kernel,
intended to replace ip_tables, ip6_tables, arp_tables and ebtables in
the long term. nftables is the corresponsing userspace frontend,
replacing their respective userspace utilities.

nftables features native support for sets and dictionaries of
arbitrary types, support for many different protocols, meta data
types, connection tracking, NAT, logging, atomic incremental and full
ruleset updates.