Does anyone know if [Shorewall](http://shorewall.org/) has plans to support nftables, or is it staying on iptables for now?
While I'm excited to hear about a simplified abstraction at the kernel level, for most setups I've had to configure, I really like the high-level abstraction it provides.
I've used Shorewall for some time. As a matter of fact, I installed it on my recent laptop as well (Arch Linux). But till now I didn't like the quite frequent config file format changes, because of which I needed to figure out how to change the current config to match the latest one. PF in this regard was more consistent and more readable and didn't require using anything on top of it. Then again, I never needed very complex FW rules.