Description
nf_tables programming support helps firewall and NAT tools configure Linux packet-filtering rules through a library interface. The full-cone patch is relevant for specialized NAT behavior in compatible setups.
This is a low-level networking library, not a firewall policy by itself. Incorrect rules can break connectivity or expose services, so changes should be tested with a recovery path.