A new RFC for Netfilter/nftables arrived recently in the netfilter-devel mailing list [1], introducing flexible math operation support for network packet fields. This could solve some migration problems from iptables to nftables and in addition empower other use-cases.
This demo will quickly show how it works with simple real-world scenarios.
[1] https://lore.kernel.org/netfilter-devel/20250923152452.3618-1-fmancera@suse.de/