Kmod-nft-offload -

dnf install kmod-nft-offload On Debian/Ubuntu (module may be built-in or named differently, e.g., nft-offload ):

In short, it allows certain nftables rules (e.g., forwarding, DNAT, SNAT) to be programmed directly into that supports flow offloading. How It Works Without offload: kmod-nft-offload

nft -a list ruleset # Shows rule handles Check NIC offload counters: dnf install kmod-nft-offload On Debian/Ubuntu (module may be

modprobe nft_offload Verify:

nft add table netdev filter nft add chain netdev filter forward type filter hook forward priority 0\; nft add rule netdev filter forward ip daddr 192.168.2.0/24 oif eth1 offload accept The offload keyword is what triggers the kernel to attempt hardware programming. nft-offload ): In short

With kmod-nft-offload + compatible hardware: