On 2026-01-19, Dan Ritter wrote: > It is also true that iptables was re-implemented as a front-end > to nft in a previous Debian Stable release, so if you don't want > any of the new nft features, you can continue using iptables > as-is.
iptables-nft can be used to generate nftables rules. But it is intend to ease a migration from iptables to nftables. And it is dangerous to mix the use of iptables and nftables. So, as you said, if someone want to stay on iptables he should use plain iptables (the binary behind is now iptables-legacy). https://wiki.nftables.org/wiki-nftables/index.php/Moving_from_iptables_to_nftables
