Historically, iptables (and friends) has been the way to manage a firewall on Linux (possibly using a GUI or CLI wrapper). Then nftables came along and was supposed to replace iptables, but then bpfilter came along. And even after reading several blog posts about it, I'm still not really sure how bpfilter fits in. Will iptables and/or nftables just be changed to use BPF as the implementation, or will both get replaced by something else that uses eBPF to implement packet filtering? I guess what I'm really asking is, is there some project in the works to replace nftables, or is nftables going to stick around for a while?


