Not every nftables rule qualifies. kmod-nft-offload typically supports:

What cannot be offloaded?

To use nft-offload, you define a flowtable in your nftables configuration and associate it with a specific network interface.

Example nft configuration syntax:

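table ip filter {
    # 1. Define the flowtable
    flowtable f1 {
        hook ingress priority 0;
        devices = { eth0, eth1 };
        # The 'offload' flag requests hardware offload for this flowtable
        flags offload;
    }

    chain forward {
        type filter hook forward priority 0; policy accept;

        # 2. Offload established TCP connections to the flowtable.
        #    This rule must come before the accept rule below, which
        #    would otherwise end evaluation before 'flow add' is reached.
        meta l4proto tcp ct state established flow add @f1 accept

        # 3. Standard policy for the remaining established/related traffic
        ct state established,related accept
    }
}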

What happens here?

Turn on the hardware offload feature for your interface.

sudo ethtool -K eth0 hw-tc-offload on
sudo ethtool -K eth1 hw-tc-offload on

Even with supported hardware, offload can fail silently. Here are common pitfalls:

While the kernel already supports NETDEV_OFFLOAD for nftables, not all distributions build it into the kernel. This module provides a standalone, loadable alternative – no need to recompile your kernel. Just modprobe kmod-nft-offload and offload is ready.



sudo modprobe kmod-nft-offload
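
Because offload can fail silently, as noted above, it is worth checking where flows actually ended up. The following is an added example, not part of the original page: it counts connection-tracking entries by the `[HW_OFFLOAD]` and `[OFFLOAD]` tags the kernel prints in `/proc/net/nf_conntrack`. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise conntrack entries by offload state.
# Input: text in /proc/net/nf_conntrack format on stdin.
# Output: one line, "hw=<n> sw=<n> none=<n>".
offload_summary() {
    awk '
        /\[HW_OFFLOAD\]/ { hw++; next }   # flow is handled by the NIC
        /\[OFFLOAD\]/    { sw++; next }   # software flowtable fast path only
        NF               { none++ }       # classic forwarding path
        END { printf "hw=%d sw=%d none=%d\n", hw, sw, none }
    '
}

# Returns 0 only if at least one flow reached hardware.
# A result of hw=0 with sw>0 is the silent fallback case:
# traffic still flows, but the NIC is not doing the work.
check_hw_offload() {
    summary=$(offload_summary)
    echo "$summary"
    case "$summary" in
        hw=0\ *) return 1 ;;
        *)       return 0 ;;
    esac
}

# Constructed sample lines (documentation addresses, not a real capture).
sample_conntrack() {
cat <<'EOF'
ipv4     2 tcp      6 src=192.0.2.10 dst=198.51.100.5 sport=40112 dport=443 src=198.51.100.5 dst=192.0.2.10 sport=443 dport=40112 [HW_OFFLOAD] mark=0 zone=0 use=3
ipv4     2 tcp      6 src=192.0.2.11 dst=198.51.100.6 sport=51820 dport=80 src=198.51.100.6 dst=192.0.2.11 sport=80 dport=51820 [OFFLOAD] mark=0 zone=0 use=3
ipv4     2 tcp      6 431999 ESTABLISHED src=192.0.2.12 dst=198.51.100.7 sport=33444 dport=22 src=198.51.100.7 dst=192.0.2.12 sport=22 dport=33444 [ASSURED] mark=0 zone=0 use=2
EOF
}

# Demo on the constructed sample; on a live router use instead:
#   check_hw_offload < /proc/net/nf_conntrack
sample_conntrack | check_hw_offload
```

If the summary shows only `sw` or `none` entries after traffic has passed through the forward chain, the flowtable is not reaching the hardware and the interface and flowtable settings above should be rechecked.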