With kmod-nft-offload + compatible hardware:
nft add table netdev filter nft add chain netdev filter forward type filter hook forward priority 0\; nft add rule netdev filter forward ip daddr 192.168.2.0/24 oif eth1 offload accept The offload keyword is what triggers the kernel to attempt hardware programming. kmod-nft-offload
apt install linux-modules-extra-$(uname -r) Load the module: With kmod-nft-offload + compatible hardware: nft add table
dnf install kmod-nft-offload On Debian/Ubuntu (module may be built-in or named differently, e.g., nft-offload ): kmod-nft-offload