I have put the first part of the wiki article up, still a lot to write though. Will add more later, aiming to finish by the end of the weekend. I am in the GMT+8 timezone and it is time for siesta (and being a weekend, a beer as well).


On Fri, 23 Nov 2018 at 22:26, Keith Williams <keithwilliamsnp@gmail.com> wrote:
I'm not sure how many people have made the transition from iptables to nftables.

I have just done so on one VPS, had a couple of minor hiccups on the way but am very pleased with the result. Easy to do and the much more human-readable and simplified syntax makes it easy to read and maintain. I particularly like the way that you just write one set of rules for IPv4 and IPv6 and that, as sets are built in, it avoids all the problems involved in making a table with sets reboot-safe.

I was toying with doing a wiki page to share the experience and tips that I picked up, but wiki syntax seems harder to fathom than nftables syntax. I did a lot of googling on the issue but many of the How-To sites were either contradictory, totally missing the new features (iptables rules translated line by line and not taking advantage of new features), downright wrong or rip-off copies of official documentation.

Keith