Currently FreePBX relies on iptables for the system firewall (as many still do), however, more modern OS releases are starting to move away from iptables in favor of nf_tables. By this, I mean they will completely remove the use in future releases.
Right now with Debian 12 the OS uses nf_tables as the backend when using iptables via the iptables-nft layer. I would suspect that 13 or 14 will be the point when iptables is fully replaced by nf_tables.
While nf_tables can do a lot or more than iptables, the one thing it cannot do is string matching right now. I know there are a couple STRING based rules in the FreePBX firewall…like for checking Let’s Encrypt renewals…
I’m going to say at some point, soon, looking at converting from iptables to nf_tables will need to be done.