I trying to secure my home network with OpenWRT routers. In this context I started to customize my iptables rules to my needs and found some iptables concepts hard to understand.
I’ve discovered that nftables is the NEXT big change in firewall software for Linux based systems (as of ~3.18), replacing iptables which is hard to use or inefficient. More recently, I’ve learnt bpfilter is being merged into Linux 4.18 and it is a “Better Firewall / Packet Filtering” also meant to replace iptables.
Now, I’m quite confused: could you point me to a simple one paragraph description of each technology, nftables/netfilter vs bpfilter? Are they both trying to solve the same problem / do they overlap? Is there any relationship between the two? I am looking for a short description of each that helps me understand when to use one or the other.