ufw

Comment 7 for bug 1571579

Jamie Strandboge (jdstrand) wrote :

Thanks for the feedback. It's true that nft is the future and it's also true that there is a ton of software out there that uses iptables. This is why iptables upstream made the wise choice to rearchitect iptables for 1.8 to continue to support the historic, legacy xtables backend while giving the user the ability to use the new nft backend, keeping the command line interface the same with either. ufw still uses iptables under the hood (which is fine for its current feature set).

Ubuntu 20.04 LTS and newer have iptables 1.8 and you are free to choose either the nft or the legacy backend via the 'update-alternatives' mechanism. ufw will then follow the system preference of backend and is confirmed to work with either (and CI/CD verifies this with new builds). Ubuntu 20.04 LTS defaults to legacy while 21.04 and newer default to nft.

As for rule sets, I agree that if/when ufw implements the feature natively, it would need to consider working with either backend, and that could be the time to implement the nftables backend. Despite ufw not natively supporting the feature, you can still take advantage of ipsets/nftables sets by utilizing the ufw framework as detailed in comment #2 (which can be updated easily enough for nftables sets if you prefer the nft backend).

I'll also note that the main focus of ufw is as a bastion firewall and making it easy to configure for that. While it has historically functioned, and continues to function, very well in that regard, it does offer some additional features for a routing firewall and its framework allows people to extend it further.
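An added example, not from this bug report or the ufw project: a small POSIX shell helper that reads the backend tag iptables 1.8 prints in `iptables -V` ("(nf_tables)" or "(legacy)"), which is the backend ufw will follow after an `update-alternatives` switch. The sample version strings are constructed for illustration; `iptables_backend` and `report_system_backend` are names chosen here.

```shell
#!/bin/sh
# Classify the iptables backend from the string `iptables -V` prints.
# iptables 1.8 appends "(nf_tables)" or "(legacy)" after the version;
# the selection is made with `update-alternatives --config iptables`,
# and ufw uses whichever backend that selection points at.

# Usage: iptables_backend "<output of iptables -V>"
# Prints one of: nft | legacy | unknown
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;   # pre-1.8 iptables prints no backend tag
    esac
}

# Query the installed binary (if any) and report the backend ufw would use.
report_system_backend() {
    if command -v iptables >/dev/null 2>&1; then
        iptables_backend "$(iptables -V 2>/dev/null)"
    else
        echo unknown
    fi
}

# Constructed sample strings in the format iptables prints (not captured output).
SAMPLE_NFT="iptables v1.8.7 (nf_tables)"
SAMPLE_LEGACY="iptables v1.8.7 (legacy)"
SAMPLE_OLD="iptables v1.6.1"
```

Run `report_system_backend` on a host to confirm which backend ufw is currently sitting on top of before and after changing the alternative.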