Kmod-nft-offload May 2026

To appreciate what this module does, it helps to understand the "fast path" vs. "slow path" architecture:

Not all NICs support flow offloading. You generally need enterprise-grade hardware from vendors like Mellanox (Nvidia), Intel, or Netronome. kmod-nft-offload

table inet filter { flowtable f { hook ingress priority 0 devices = { eth0, eth1 } } chain forward { type filter hook forward priority 0; policy accept; ip protocol { tcp, udp } flow offload @f } } Use code with caution. When to Use It To appreciate what this module does, it helps

Your firewall rules must be written to support the flowtable directive. A typical configuration looks like this: To appreciate what this module does

High-traffic gateways that move massive amounts of data between networks.