Not all NICs support flow offloading. You generally need enterprise-grade hardware from vendors like Mellanox (Nvidia), Intel, or Netronome.
When a new connection (like a TCP handshake) arrives, it is processed by the CPU. The nftables engine checks the rules, determines if the traffic is allowed, and sets up a connection tracking entry. kmod-nft-offload
Hardware is purpose-built for packet switching. Offloading allows systems to reach line-rate speeds (e.g., 10Gbps, 40Gbps, or 100Gbps) that might otherwise saturate a standard CPU. Not all NICs support flow offloading
kmod-nft-offload is not a "magic button" for every home PC. It is most effective in: determines if the traffic is allowed