There is no versus – nftables will be successor of iptables. You might know ebtables, iptables, ip6tables, arptables – in future there will be an abstraction layer forĀ ipv4, ipv6, arp, bridge hazzle to enable icmp ping only for example and further nice firewall rules. For easier upgrade there are translation-wrapper existing to move from iptables…