Kmod-nft-offload [verified] -

Not all NICs support flow offloading. You generally need enterprise-grade hardware from vendors like Mellanox (Nvidia), Intel, or Netronome.

High-traffic gateways that move massive amounts of data between networks.

Modern Linux kernels (5.x and above) have the core infrastructure, but the specific kmod package ensures all dependencies are met for your specific distribution. kmod-nft-offload

Hardware is purpose-built for packet switching. Offloading allows systems to reach line-rate speeds (e.g., 10Gbps, 40Gbps, or 100Gbps) that might otherwise saturate a standard CPU.

Processing packets in specialized silicon is generally more power-efficient than using general-purpose CPU cycles. Prerequisites and Compatibility Not all NICs support flow offloading

Your firewall rules must be written to support the flowtable directive. A typical configuration looks like this:

table inet filter { flowtable f { hook ingress priority 0 devices = { eth0, eth1 } } chain forward { type filter hook forward priority 0; policy accept; ip protocol { tcp, udp } flow offload @f } } Use code with caution. When to Use It Modern Linux kernels (5

Understanding kmod-nft-offload : Boosting Network Performance with Hardware Acceleration

As networking demands continue to scale, the role of hardware acceleration becomes more vital. kmod-nft-offload provides a stable, enterprise-ready way to leverage the power of modern NICs, ensuring that your Linux infrastructure remains fast, responsive, and efficient under even the heaviest traffic loads. Kmod-nft-offload Apr 2026