nftables is actually kinda cool and much friendlier than iptables i used to think otherwise until i actually tried doing stuff with it like, it still could be better if it wasn't invented by golangers who seem to never have heard of *intuitive config syntax* (coredns and caddy suffer from this too lol), but it's definitely a huge improvement over ipt