-------------------------------------------------------------------------------
NFT Tables

systemctl status nftables

# Examine tables
nft list tables
nft list table inet filter
nft insert rule inet filter input tcp dport 22 accept

chains (default): input, forward, and output (the names are not actually important)
type:     filter, nat, route
hook:     prerouting, input, output, forward, postrouting
priority: ordering of chains
policy:   the default action of a chain when no rule matches

The hook and its priority determine where each chain in each table is 'hooked'
into the packet processing pipeline; the policy is what the chain does on no match.

# Or turn it off
systemctl stop nftables
-------------------------------------------------------------------------------
Translate iptables to nftables: iptables-restore-translate

# Looking
nft list tables
nft list chains
nft list table ip firewall

# Initial add and remove (-a adds 'handle' numbers for removal)
nft -n -a list table ip firewall
nft insert rule ip firewall INPUT tcp dport http accept
nft delete rule ip firewall INPUT handle 4      # delete last using handle

# Add new rule and change policy
nft insert rule ip filter INPUT tcp dport \
    { ssh, http, https, 8181 } accept
nft add chain ip filter INPUT \
    { type filter hook input priority 0\; policy drop\; }

# Remove rules (first policy, then rule - do not remove access!)
nft add chain ip filter INPUT \
    { type filter hook input priority 0\; policy accept\; }
nft delete rule ip filter INPUT handle 6

Switch over to using "nftables.conf" only
Config: /etc/sysconfig/nftables.conf

systemctl stop firewalld
systemctl disable firewalld
systemctl mask firewalld
nft flush ruleset            # clear tables
systemctl enable --now nftables

NOTE: Stopping firewalld does NOT clear the configuration.
      It is still present, and will re-appear if firewalld is restarted.
-------------------------------------------------------------------------------
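An added shell example for the "do not remove access!" step above (not part of the original notes): before printing the command that flips INPUT to policy drop, it checks a saved `nft list table ip filter` listing for an ssh accept rule in the input-hooked chain. The listings are constructed samples and the function names (has_ssh_accept, policy_drop_cmd) are mine.

```shell
#!/bin/sh
# Added example: guard the switch to a default-drop INPUT policy. The ruleset
# listing is passed in as text so the check itself needs no root and no nft.

# Return 0 if the listing has an 'accept' rule for tcp dport ssh (or 22) inside
# the chain hooked at input (chain names are arbitrary, so match on the hook).
has_ssh_accept() {
    listing="$1"
    printf '%s\n' "$listing" \
      | awk '
          /^[[:space:]]*chain / { inchain=1; hooked=0; next }
          inchain && /hook input/ { hooked=1 }
          inchain && hooked && /tcp dport/ && /(ssh|[{ ,]22[ ,}])/ && /accept/ { found=1 }
          /^[[:space:]]*}/ { inchain=0 }
          END { exit found ? 0 : 1 }'
}

# Print the policy-drop command only when ssh access is already allowed;
# otherwise print nothing and return 1 so a script wrapped in set -e stops.
policy_drop_cmd() {
    if has_ssh_accept "$1"; then
        printf '%s\n' 'nft add chain ip filter INPUT { type filter hook input priority 0\; policy drop\; }'
    else
        return 1
    fi
}

# Constructed sample listings (not captured from a real host).
SAFE_LISTING='table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy accept;
        tcp dport { ssh, http, https, 8181 } accept
    }
}'
UNSAFE_LISTING='table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy accept;
        tcp dport { http, https } accept
    }
}'
```

On a live host the listing would come from `nft list table ip filter` and the printed command would be executed only when the check passes.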