Nftables, abbreviated as "netfilter tables," represents a contemporary replacement for iptables, specifically crafted to align with the requirements of modern networking environments.

Starting with iptables version 1.8.0, it supports a new mode (a.k.a iptables-nft) that uses nftables APIs of the kernel while preserving the same original iptables user-facing API. Most of the linux distributions now-a-days allow us to use iptables-nft or iptables-legacy but default to iptables-nft.

This epic captures the changes necessary in various Submariner components for supporting Nftables based platforms.

Submariner componenets (e.g: GlobalNet) should be updated to use new packet filtering componenet, the packet filtering should provide generic (not iptables specific) API to manipulate packets traffic.

The packert filtering will use pluggable drivers (nftables,iptables) .

The plan is to deliver first Submariner with packet filtering iptables support  and next enhance it to support nftables .