diff --git a/roles/firewalld/templates/firewalld.conf.j2 b/roles/firewalld/templates/firewalld.conf.j2
index 7a0be1ff1b763ba675bc3e570d5a3909dce57c45..2d1a0cba2bff9b733770bb7b4060156ae0687841 100644
--- a/roles/firewalld/templates/firewalld.conf.j2
+++ b/roles/firewalld/templates/firewalld.conf.j2
@@ -80,3 +80,18 @@ ReloadPolicy=INPUT:DROP,FORWARD:DROP,OUTPUT:DROP
 # internet.
 # Defaults to "yes".
 RFC3964_IPv4=yes
+
+# NftablesFlowtable
+# This may improve forwarded traffic throughput by enabling nftables flowtable.
+# It is a software fastpath and avoids calling nftables rule evaluation for
+# data packets. This only works for TCP and UDP traffic.
+# The value is a space separated list of interfaces.
+# Example value "eth0 eth1".
+# Defaults to "off".
+NftablesFlowtable=off
+
+# NftablesCounters
+# If set to yes, add a counter to every nftables rule. This is useful for
+# debugging and comes with a small performance cost.
+# Defaults to "no".
+NftablesCounters=no