i use shorewall on a linux computer i use as a router for my home, but shorewall is not maintained anymore, and I wanted to migrate to nftables.
this was my excuse to start working on this project, https://github.com/elee1766/matchstick
it is a tool where you write lua code that gets "compiled" into an nftables table, which can then be loaded. the idea is that this is much easier to read than say, manually writing out nftables rules, and enjoy some lua language features, vs using something like ufw or firewalld where the syntax is much more esoteric.
i thought nim would be a good fit for this project, because i wanted to embed modern lua directly into the binary, and so a compilation to c together with the vendored lua source felt like something cool to do.
i still have more work and testing to do before i think it's ready to be used as my public facing firewall, but i've been happy with it to a point where i've been using it as a ufw replacement for my personal computer and a few other computers in my internal network.
this is my first time doing any serious nim work, personally i'm not particularly happy with how i'm handling the json encoding/decoding. i come from go and it's done rather differently there.
and my iptables and nftables experience is limited to my personal usage, if anyone has their own ufw, shorewall, iptables, or nftables configurations, i would love to also be able to see them and test out how things work compared to them.
i also took advantage of the c code to use emscripten to build the tool into wasm so it could be tested in the browser: https://elee1766.github.io/matchstick/playground/
any input would be appreciated! the nim development experience has been great, and the language is very cool and well documented.