Current situation
The program currently relies on nftables as its netfilter backend.
Why this is problematic for Android
On standard Android kernels (including AOSP and vendor kernels from Google, Samsung, Xiaomi, etc.), CONFIG_NF_TABLES is almost always disabled. The Android kernel team has chosen eBPF as the forward-looking technology for packet filtering, not nftables.
Additionally, the nft binary is absent on the vast majority of rooted Android devices.
What is actually available
The same kernel configuration shows that:
- CONFIG_NETFILTER_XTABLES=y – full iptables (legacy) support is present
- CONFIG_BPF_SYSCALL=y – eBPF is available and can be used as a modern alternative
Recommendation
For portable Android support, consider one of the following:
- Use iptables (legacy) as the primary backend - it exists on virtually every Android device with netfilter enabled.
- Use eBPF directly - modern, performant, and aligned with Android's own roadmap.
Relying on nftables alone effectively locks out most Android users without any technical benefit, as there is no Android-specific advantage to nftables over iptables in this context.
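As an added example (not code from the project or from the author of this report), a backend probe could check the kernel symbols named above together with the userspace tools actually installed. The function names, the TOOL_PATH override and the fallback order (nftables where usable, then iptables, then eBPF) are assumptions, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: choose a packet-filter backend from the kernel config and
# the installed tools. Names and fallback order are assumptions.

# True if kernel config FILE has SYMBOL built in (=y) or as a module (=m).
config_enabled() {
    grep -Eq "^$2=(y|m)\$" "$1"
}

# True if TOOL is found on TOOL_PATH (defaults to the current PATH).
has_tool() {
    ( PATH=${TOOL_PATH:-$PATH}; command -v "$1" >/dev/null 2>&1 )
}

# Print nftables, iptables, ebpf or none for the given kernel config FILE.
select_backend() {
    cfg=$1
    if config_enabled "$cfg" CONFIG_NF_TABLES && has_tool nft; then
        echo nftables      # kernel support and the nft binary are both present
    elif config_enabled "$cfg" CONFIG_NETFILTER_XTABLES && has_tool iptables; then
        echo iptables      # legacy xtables path
    elif config_enabled "$cfg" CONFIG_BPF_SYSCALL; then
        echo ebpf          # no usable netfilter front end, but bpf(2) exists
    else
        echo none
    fi
}

# Constructed sample mirroring the kernel configuration described above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# CONFIG_NF_TABLES is not set
CONFIG_NETFILTER_XTABLES=y
CONFIG_BPF_SYSCALL=y
EOF
echo "sample config -> $(select_backend "$sample")"
rm -f "$sample"

# On a device, assuming CONFIG_IKCONFIG_PROC exposes /proc/config.gz:
#   zcat /proc/config.gz > kconfig.txt && select_backend kconfig.txt
```

A kernel symbol alone is not enough to pick a backend: the probe also requires the matching userspace binary, which covers the case where nft is missing even though the kernel could support it.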