Alternative to QoS (iptables based) for Guest Network

Hi! In order to reduce the load on the network/router from the guest network, we use QoS to reduce the dl/upload speed (well, so that guests don't spand so much traffic)
I know, this can be resolved here, in wiki:

But the problem is that QoS uses outdated iptables, not nftables, and then in “Status -> Firewall” it will say:

Legacy rules detected
There are legacy iptables rules present on the system. Mixing iptables and nftables rules is discouraged and may lead to incomplete traffic filtering.

Then the question is, what is the alternative to QoS (iptables based) so that such a warning will not showing again and is only for the guest network, not like in “QoS over nftables” only by MAC address and IP address (some devices can bypass using random IP/MAC address each time they connect to the network)

before abandoning nftables try the following package:


you can filter by IP and Mac address but also by network, for example the whole 192.168.x.0/24 (on vlan therefore clients cannot change IP addresses and would not access the network)

I only saw one problem:


For a guest network you can use the openNDS package.
A default install will give a simple click to continue splash page and with minor config changes you can limit upload and download rates.
It is fully nftables migrated and tracks and logs by mac/ip address after authentication on the splash page.

It is probably a different way of looking at the problem for you, but is a perfect use case for openNDS.