We may have to look to books to get more basics, background and theory, etc. Or perhaps look for basics in documentation for iptables and then work from there to transfer knowledge into working with nftables.
I might ask again: what is your struggle? The wiki explains tables and chains and rules. It also explains how to use advanced concepts like vmaps and sets, and how you should organize your ruleset.
Are you looking for basic firewall rules? Are you searching how the Linux packet filtering system works?
Just throwing an "I'm looking for an explanation" without saying for what will not bring any benefit.
The web is full of 5 minute introductions. The Arch wiki contains an okay-ish overview of what rules you might want on a workstation. And so on.
But back to your initial post: you said you have gotten rules you do not understand. The 10 min introduction is a cheat sheet for quick lookup of options. But you still failed to provide the rules which you do not understand. And again, you have not asked for an introduction; you have asked about specific rules. So the reader would assume you have a basic understanding of how a firewall on Linux works in general...
So my last try: what rules do you have which you do not understand? Or provide the full rule set with inline comments on what is unclear to you.
It is a well-recognised phenomenon that highly technically minded individuals are often not well suited to communicating or describing technical subject-matter in a manner that facilitates a rapid understanding by others. In my work I often have to form a bridge between inventors and the provision of a technical description of inventions, and so I experience this first hand.
I do not think that the nftables wiki provides a good introduction or overview for those not familiar with nftables, or perhaps even not familiar with iptables. Like @richb-hanover-priv indicated, it seems to assume a great deal of background knowledge.
The OpenWrt wiki entry for nftables leaves a fair amount to be desired and lacks practical assistance for basic concepts like, for example, how to add a custom table. Taking the latter example, as far as I can tell, an explanation for that is buried in a comment on a GitHub issue here:
And even then, the default behaviour is that if the firewall does not properly load owing to a typo in a config file or similar, the user cannot even access his OpenWrt system on reboot without entering failsafe mode. Ouch!
In general improved knowledge sharing is an area that I think the OpenWrt project as a whole could benefit from. The wiki is surely an important and promising avenue for such improvement, and of course that requires willing volunteers and improving the culture in respect of documentation. Not easy, but I hope this may get better with time.
In my experience, the best tutorial is to read and understand a well-documented nftables ruleset (see many of dlakelan's threads and GitHub repo). nftables is not well understood yet compared to iptables, and is still under active development by the Netfilter team, so existing tutorials get stale quickly.
Isn’t firewall3/firewall4 meant to insulate less technical users from the intricacies of iptables/nftables? Once firewall4 becomes part of a stable release, I would expect the firewall wiki documentation to be updated for the changes since firewall3.
The simplest answer is: ENOTIME. That is, like most people on the Forum, I have limited time to learn about new technologies. As a forty-year network professional, I am confident that I could take 2-5 hours to read through the first results from Google and learn about nftables.
But why should I? (And more to the point, why should every other reader of the Forum?) One big advantage of having a community of techies is that we can share tips, secrets, or ways to learn about a new topic, especially if those links point to information that's known to be correct for OpenWrt.
My fond hope is to find a page that says, "Look. Here is what you need to know about this stuff. Here's the lingo, here's what those terms mean, here's what happens when a packet arrives..."
It's OK if no such page(s) exist. But it's not wrong for me to ask the Forum if anyone has links.
In 2 to 5 hours you are able to read the nftables wiki cover to cover. Twice.
Then there is the man page for nftables.
If you are familiar with the concept of tables and chains you should not have that hard a time.
I can only repeat my point: you said you have issues understanding a ruleset, but you did not share it, so how could anyone point you in a specific direction?
For my sins, I did write most of the OpenWrt page on nft: https://openwrt.org/docs/guide-user/firewall/misc/nftables - this was just done quickly, as previously it was largely empty, and I just wanted something in place to show how to get it working on OpenWrt, and not to go into the details of nft. I've updated it on major releases, but only made the minor changes needed for that release.
Also, gut feeling: when the 22.03 version of OpenWrt comes out it will need a more major rewrite, as 22.03 with fw4 is nftables based. I'll probably still keep the above page as how to do nftables from a file, as, speaking just for myself, I like that format.
As to how to learn nftables, well, I'm not an expert by any means. Me, though, I learnt the structure of it directly from the nftables website wiki; and learning the structure of tables containing chains containing rules is critical.
Learning the various rules, well, the wiki again is the place to start. But I also found nft describe to be critical if you want to know exactly what is possible. E.g. to get the full options of oiftype, nft describe oiftype gives them; I found nft describe to have some things in it that I've not seen documented elsewhere.
And I'm sorry this isn't a completely clear introduction. Alas, I haven't yet found a good introduction. So I think there is space for someone to write one!
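As an added example, not from the openwrt.org page or from any poster in this thread: a minimal nftables ruleset in the "from a file" form discussed above, written out with comments so the table > chain > rule nesting is visible, plus a dry-run check with nft -c -f before anything is loaded (the check that avoids the lock-out-on-typo situation raised earlier in the thread). The table name, interface names (br-lan, wan) and the SSH port are assumptions for illustration only; adapt them to the box you are configuring.

```shell
#!/bin/sh
# Added example (not the wiki's or fw4's own ruleset). Interface names,
# table name and port are assumptions chosen for illustration.

# write_ruleset FILE : write a small inet table showing the nesting
# table -> chain -> rule that the nftables wiki is built around.
write_ruleset() {
    cat > "$1" <<'EOF'
#!/usr/sbin/nft -f
# Start from an empty ruleset so re-applying the file is idempotent.
flush ruleset

# A table is a namespace for chains; family "inet" covers IPv4 and IPv6.
table inet example {
    # A base chain attaches to a hook in the packet path. "policy drop"
    # turns the rules below into an allow-list.
    chain input {
        type filter hook input priority 0; policy drop;

        # Loopback and already-tracked flows first, cheapest rules on top.
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop

        # Keep ICMP/ICMPv6 so path MTU discovery and NDP still work.
        meta l4proto { icmp, icmpv6 } accept

        # Management only from the (assumed) LAN bridge.
        iifname "br-lan" tcp dport 22 accept
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "br-lan" oifname "wan" accept
    }
}
EOF
}

# check_ruleset FILE : parse FILE without loading it (nft -c is --check).
# Returns 0 if nft accepts it, nft's own error code if not, and 2 when nft
# is not installed on this host (check skipped, nothing was applied).
check_ruleset() {
    if ! command -v nft >/dev/null 2>&1; then
        echo "nft not found; skipping syntax check" >&2
        return 2
    fi
    nft -c -f "$1"
}

# has_base_chain FILE CHAIN : true if FILE declares a base chain named CHAIN,
# i.e. a "chain CHAIN {" block that carries a "hook CHAIN priority" line.
has_base_chain() {
    grep -q "chain $2 {" "$1" && grep -q "hook $2 priority" "$1"
}

main() {
    f="${1:-/tmp/example.nft}"
    write_ruleset "$f"
    check_ruleset "$f"
    rc=$?
    # Only after a clean check would you load it for real: nft -f "$f"
    [ "$rc" -eq 2 ] && rc=0
    return "$rc"
}

# Run main only when executed directly, not when sourced for the functions.
case "$0" in
    *example*|*nft*) main "$@" ;;
esac
```

Run it as a script to generate and check the file; source it to reuse the functions. The check step is the practical point: nft -c -f parses the whole file and reports the offending line without touching the live ruleset, so a typo is found before reboot rather than after. Once the file checks clean, nft describe on any unfamiliar selector (for example nft describe oiftype or nft describe ct state) lists the values that selector accepts, which is the quickest way to find out what the rule syntax actually allows.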
This is a perfect (although somewhat disappointing) answer to the question - there doesn't appear to be a decent tutorial for nftables. Drat. But I can stop Googling...
I completely understand your "... for my sins..." comment. You realized that somebody needed to write some documentation, and that "somebody" turned out to be you. I applaud you, and there's no need to apologize. Thanks.