The last few days i have done the computer with the most complicated firewall settings. It have Ipv4 NAT and Hurricane electric IPv6 tunnel. It is forwarding packets to some of my other computers. Like this website. There are two good things with nftables. It checks the config file before it applies it. And when it applies the new config it happens fast. With Iptables you had to write a script that ran iptables for every rule. Could take a long time if you have a long blacklist. Nftables can handle both IPv4 and IPv6 with the same rules. It is obvious that if you want to open a port you want to that for both IPv4 and IPv6.