Replace iptables with nftables?

Since nftables is the strongly preferred firewall tool in Debian 10, and seems to me better suited (than iptables) to on-the-fly modification by fail2ban and similar, is that on the list for future versions of Sympl?

(it would also clear up the iptables-legacy issue mentioned in another topic)

Yep, it’s certainly on the list to look into as a replacement for the existing iptables integration, as it’ll become harder to maintain as Debian moves on.