If you need to log every packet for security, offloading will hide that traffic from the logger. 🔧 How to Enable It
make M=net/netfilter/ modules insmod net/netfilter/nft_offload.ko kmod-nft-offload
| Metric | Software nftables | With kmod-nft-offload | |--------|------------------|--------------------------| | PPS (64B packets) | ~1-2 Mpps | (hardware-dependent) | | CPU usage | 100% (one core) | ~0% for forwarded packets | | Latency | Microseconds | Nanoseconds (wire speed) | If you need to log every packet for