diff --git a/package/features b/package/features
index da68b369..965f7caf 100644
--- a/package/features
+++ b/package/features
@@ -38,7 +38,7 @@ when(_'web-advanced' and _'autoupdater', {
 when(_'mesh-batman-adv-15', {
- 'gluon-ebtables-limit-arp',
+ 'gluon-nftables-limit-arp',
 'gluon-radvd',
 })
diff --git a/package/gluon-mesh-batman-adv/Makefile b/package/gluon-mesh-batman-adv/Makefile
index 622f0577..6c6cb226 100644
--- a/package/gluon-mesh-batman-adv/Makefile
+++ b/package/gluon-mesh-batman-adv/Makefile
@@ -12,7 +12,8 @@ define Package/gluon-mesh-batman-adv-15
 +gluon-core \
 +libgluonutil \
 +gluon-client-bridge \
- +gluon-ebtables \
+ +gluon-nftables \
+ +gluon-nftables-multicast \
 +firewall4 \
 +libiwinfo \
 +kmod-dummy \
diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/ebtables/250-next-node b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/ebtables/250-next-node
deleted file mode 100644
index c239f81e..00000000
--- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/ebtables/250-next-node
+++ /dev/null
@@ -1,41 +0,0 @@
-local client_bridge = require 'gluon.client_bridge'
-local site = require 'gluon.site'
-local next_node = site.next_node({})
-
-local macaddr = client_bridge.next_node_macaddr()
-
-rule('FORWARD --logical-out br-client -i bat0 -o local-port -j DROP')
-rule('FORWARD --logical-out br-client -i local-port -o bat0 -j DROP')
-
-rule('PREROUTING --logical-in br-client -i bat0 -s ' .. macaddr .. ' -j DROP', 'nat')
-rule('PREROUTING --logical-in br-client -i bat0 -d ' .. macaddr .. ' -j DROP', 'nat')
-
-rule('FORWARD --logical-out br-client -o bat0 -d ' .. macaddr .. ' -j DROP')
-rule('OUTPUT --logical-out br-client -o bat0 -d ' .. macaddr .. ' -j DROP')
-rule('FORWARD --logical-out br-client -o bat0 -s ' .. macaddr .. ' -j DROP')
-rule('OUTPUT --logical-out br-client -o bat0 -s ' .. macaddr .. ' -j DROP')
-
-if next_node.ip4 then
- rule('FORWARD --logical-out br-client -o bat0 -p ARP --arp-ip-src ' .. next_node.ip4 .. ' -j DROP')
- rule('FORWARD --logical-out br-client -o bat0 -p ARP --arp-ip-dst ' .. next_node.ip4 .. ' -j DROP')
- rule('FORWARD --logical-out br-client -i bat0 -p ARP --arp-ip-src ' .. next_node.ip4 .. ' -j DROP')
- rule('FORWARD --logical-out br-client -i bat0 -p ARP --arp-ip-dst ' .. next_node.ip4 .. ' -j DROP')
-
- rule('OUTPUT --logical-out br-client -o bat0 -p ARP --arp-ip-src ' .. next_node.ip4 .. ' -j DROP')
- rule('OUTPUT --logical-out br-client -o bat0 -p ARP --arp-ip-dst ' .. next_node.ip4 .. ' -j DROP')
-
- rule('INPUT -i bat0 -p ARP --arp-ip-src ' .. next_node.ip4 .. ' -j DROP')
- rule('INPUT -i bat0 -p ARP --arp-ip-dst ' .. next_node.ip4 .. ' -j DROP')
-
- rule('FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-destination ' .. next_node.ip4 .. ' -j DROP')
- rule('OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-destination ' .. next_node.ip4 .. ' -j DROP')
- rule('FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-source ' .. next_node.ip4 .. ' -j DROP')
- rule('OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-source ' .. next_node.ip4 .. ' -j DROP')
-end
-
-if next_node.ip6 then
- rule('FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-destination ' .. next_node.ip6 .. ' -j DROP')
- rule('OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-destination ' .. next_node.ip6 .. ' -j DROP')
- rule('FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-source ' .. next_node.ip6 .. ' -j DROP')
- rule('OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-source ' .. next_node.ip6 .. ' -j DROP')
-end
diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/ebtables/300-radv-input-output b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/ebtables/300-radv-input-output
deleted file mode 100644
index 377d11cd..00000000
--- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/ebtables/300-radv-input-output
+++ /dev/null
@@ -1,2 +0,0 @@
-rule 'INPUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type router-solicitation -i bat0 -j DROP'
-rule 'OUTPUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type router-advertisement -o bat0 -j DROP'
diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/nftables/250-next-node.lua b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/nftables/250-next-node.lua
new file mode 100644
index 00000000..85939109
--- /dev/null
+++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/nftables/250-next-node.lua
@@ -0,0 +1,41 @@
+local client_bridge = require 'gluon.client_bridge'
+local site = require 'gluon.site'
+local next_node = site.next_node({})
+
+local macaddr = client_bridge.next_node_macaddr()
+
+bridge_rule('FORWARD', 'obrname "br-client" iifname "bat0" oifname "bat0" drop')
+bridge_rule('FORWARD', 'obrname "br-client" iifname "local-port" oifname "bat0" drop')
+
+bridge_rule('PREROUTING', 'ibrname "br-client" iifname "bat0" ether saddr ' .. macaddr .. ' drop', 'nat')
+bridge_rule('PREROUTING', 'ibrname "br-client" iifname "bat0" ether daddr ' .. macaddr .. ' drop', 'nat')
+
+bridge_rule('FORWARD', 'obrname "br-client" oifname "bat0" ether daddr ' .. macaddr .. ' drop')
+bridge_rule('OUTPUT', 'obrname "br-client" oifname "bat0" ether daddr ' .. macaddr .. ' drop')
+bridge_rule('FORWARD', 'obrname "br-client" oifname "bat0" ether saddr ' .. macaddr .. ' drop')
+bridge_rule('OUTPUT', 'obrname "br-client" oifname "bat0" ether saddr ' .. macaddr .. ' drop')
+
+if next_node.ip4 then
+ bridge_rule('FORWARD', 'obrname "br-client" oifname "bat0" arp saddr ip ' .. next_node.ip4 .. ' drop')
+ bridge_rule('FORWARD', 'obrname "br-client" oifname "bat0" arp daddr ip ' .. next_node.ip4 .. ' drop')
+ bridge_rule('FORWARD', 'obrname "br-client" iifname "bat0" arp saddr ip ' .. next_node.ip4 .. ' drop')
+ bridge_rule('FORWARD', 'obrname "br-client" oifname "bat0" arp daddr ip ' .. next_node.ip4 .. ' drop')
+
+ bridge_rule('OUTPUT', 'obrname "br-client" oifname "bat0" arp saddr ip ' .. next_node.ip4 .. ' drop')
+ bridge_rule('OUTPUT', 'obrname "br-client" oifname "bat0" arp daddr ip ' .. next_node.ip4 .. ' drop')
+
+ bridge_rule('INPUT', 'iifname "bat0" arp saddr ip ' .. next_node.ip4 .. ' drop')
+ bridge_rule('INPUT', 'iifname "bat0" arp daddr ip ' .. next_node.ip4 .. ' drop')
+
+ bridge_rule('FORWARD', 'obrname "br-client" oifname "bat0" ip daddr ' .. next_node.ip4 .. ' drop')
+ bridge_rule('OUTPUT', 'obrname "br-client" oifname "bat0" ip daddr ' .. next_node.ip4 .. ' drop')
+ bridge_rule('FORWARD', 'obrname "br-client" oifname "bat0" ip saddr ' .. next_node.ip4 .. ' drop')
+ bridge_rule('OUTPUT', 'obrname "br-client" oifname "bat0" ip saddr ' .. next_node.ip4 .. ' drop')
+end
+
+if next_node.ip6 then
+ bridge_rule('FORWARD', 'obrname "br-client" oifname "bat0" ip6 daddr ' .. next_node.ip6 .. ' drop')
+ bridge_rule('OUTPUT', 'obrname "br-client" oifname "bat0" ip6 daddr ' .. next_node.ip6 .. ' drop')
+ bridge_rule('FORWARD', 'obrname "br-client" oifname "bat0" ip6 saddr ' .. next_node.ip6 .. ' drop')
+ bridge_rule('OUTPUT', 'obrname "br-client" oifname "bat0" ip6 saddr ' .. next_node.ip6 .. ' drop')
+end
diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/nftables/300-radv-input-output.lua b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/nftables/300-radv-input-output.lua
new file mode 100644
index 00000000..681659f0
--- /dev/null
+++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/nftables/300-radv-input-output.lua
@@ -0,0 +1,2 @@
+bridge_rule('INPUT', 'iifname "bat0" icmpv6 type nd-router-solicit drop')
+bridge_rule('OUTPUT', 'oifname "bat0" icmpv6 type nd-router-advert drop')
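Review bot: The first FORWARD rule in the new 250-next-node.lua, `obrname "br-client" iifname "bat0" oifname "bat0" drop`, is not the translation of the ebtables rule it replaces — the removed line dropped bat0 → local-port (`-i bat0 -o local-port`), so with this change the mesh-to-local-port direction of the next-node isolation is no longer filtered (a bat0 → bat0 bridge forward cannot occur, so the rule as written matches nothing); it should read `bridge_rule('FORWARD', 'obrname "br-client" iifname "bat0" oifname "local-port" drop')`. Likewise the fourth rule of the `if next_node.ip4` block repeats the second one (`oifname "bat0" arp daddr ip …`) where the removed file had `-i bat0 --arp-ip-dst`, so ARP for the next-node IPv4 address arriving from bat0 is no longer dropped in FORWARD; it should be `bridge_rule('FORWARD', 'obrname "br-client" iifname "bat0" arp daddr ip ' .. next_node.ip4 .. ' drop')`. Both regressions weaken the guarantee that next-node traffic never crosses between the mesh and the client bridge, which is the security purpose of this file. A short header comment stating that each rule mirrors the former ebtables 250-next-node entry one-to-one would make such drift easier to catch in future reviews.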