I already talked about nftables, and it has now been merged into the 3.13 kernel!
For those who have never heard of it, it's a kernel built-in replacement for iptables. Not all features are there yet, but they should be implemented in 3.15.
If you like Packet Filter, you'll be happy. If you're not sure of its advantages, simply read this short comparison and you'll be convinced: https://home.regit.org/2014/01/why-you-will-love-nftables/