nftables is the biggest change in the Linux firewalling system in more than a decade.
It promises simplified rulesets, unification of IPv4/IPv6 rules and superior performance to iptables. It also allows backward compatibility with iptables rules. There may be benefits to switching, but also reasons not to: if it ain't broke, don't fix it. Nonetheless, it's some food for thought.
Supported in recent kernels 3.13+ and packaged in Debian for Jessie and up.
IPv6 is coming in Tor:
corridor feature request:
`add IPv6 support / port to nftables` - https://github.com/rustybird/corridor/issues/39