Showing posts from this date: November 2019

nftables vs pf

nftables vs pf IPv4 filtering tests as a firewall.

Source: https://www.uv.es/cuan/vyos_bsdrp/

This is a basic benchmark. That's because in the "real world" most of the packets that go through a firewall are related to a previous connection, and here I'm testing packets not related to a previous connection. All the packets must go through the whole ruleset until the last rule.

Linux VyOS 1.2.3 with nftables

Linux only forwards 6Mpps without any rule, instead of the 12Mpps that FreeBSD can forward. That seems to be Mellanox driver queue balancing, because it only uses 12 cores at 100% and the other cores are idle. FreeBSD tests use all 24 cores. The number of cores that Linux uses depends on the range of source IP/destination IP in a test. Using 10 IPs in the range I only get 6 cores, but adding more IPs in the range I got more cores used. I think that in the real world, with a lot of source IPs/destination IPs, queues will be better balanced. The performance of