I understand what you mean. I was strictly referring to the user interaction with the firewall. Nftables seems easier than iptables, but not as easy as UFW or VyOS.
Doesn't VyOS run an EOL operating system with core packages that are years out of date? I spun up a test server to check it out. I don't see anything on their website about updating it, and running "apt-get update/upgrade" just throws errors.
Why would I want an edge security device running something like that?
You can add Debian repos, but be careful: you may break something updating packages. They are currently working on an update from the current version 1.1.7 to 1.2.0. Development was pretty active, but as of the last year it's been slower.
It seems to me like it would be easier to build a good UI on top of nftables than it would be to build the same thing on top of iptables. For example, support for atomic rule replacement is something which should benefit higher-level UIs.
If you have to use it on a regular Linux box, I prefer UFW.
Though, it looks like nftables finally has a nicer syntax than iptables, making wrappers like UFW unnecessary.