After decades of suffering through ipchains/iptables syntax, and seeing how easy fw and ufw made common firewall workflows, it's disappointing that the best Debian's iptables replacement can do is:
nft add rule inet filter input tcp dport 22 accept
When syntax for common workflows is complicated, you increase the chance the admin will make a mistake that exposes them to attackers. See S3 bucket permissions for more examples of this. #infosec #devops