nft (nftables command-line interface)

nftables is the project that aims to replace the existing {ip,ip6,arp,eb}tables framework. Basically, this project provides a new packet filtering framework, a new userspace utility and also a compatibility layer for {ip,ip6}tables. nftables is built upon the building blocks of the Netfilter infrastructure such as the existing hooks, the connection tracking system, the userspace queueing component and the logging subsystem.

In order to use nft, you need a Linux kernel >= 3.14 with nftables configured; however at least one feature of nft 0.5 requires >= 4.2.

There is a comprehensive HOWTO for nftables at http://wiki.nftables.org/wiki-nftables/index.php/Main_Page

nftables is currently under development, so for experimenters only!