nftables is the biggest change in the linux firewalling system in more than a decade.
It promises simplified rulesets, unification of IPv4/IPv6 rules and superior performance to iptables. It also allows backward compatibility with iptables rules. There may be benefits to switching but also reasons for not: if it ain't broke don't fix it. Nonetheless its some food for thought.
Supported in recent kernels 3.13+ and packaged in Debian for Jessie and up.
IPv6 is coming in Tor:
* more importantly: https://trac.torproject.org/projects/tor/ticket/17217
* Work at upstream Tor: An older version of https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy page was the origin of Whonix. Update that page for nftables / IPv6 support without mentioning Whonix. Then discuss that on the tor-talk mailing list for wider input.
* implement corridor feature request `add IPv6 support / port to nftables` - https://github.com/rustybird/corridor/issues/39
* port #whonix-gw-firewall to nftables
* port #whonix-ws-firewall to nftables
* make connections to IPv6 Tor relays work
* make connections to IPv6 destinations work