Being used to application firewalls like simplewall and Glasswire on Windows, AFWall+ on Android, OpenSnitch on Linux, nobody could convince me to waste my time with a port based firewall.
I just don't have the time to search all the used ports for the programs that I need.
Plus some programs like bittorrent clients can have option to use a random port, I wonder how would I creat a rule for that in a port-based firewall.

I understand that Firewalld is also used by openSUSE with the Yast interface ... I personally found myself very well and rarely had to deal with it, but when it happened it was simple and intuitive.

It is not all port-based of course. I have not done any nftables rules for a single process ID myself, but I used cgroups instead where I grouped several processes into a cgroup for the same purpose. The filter rules then apply for all the processes within the cgroup. It is also possible to use user and group IDs and create filter rules for users and groups of users. For individual processes will it work likely similar in that one has to mark a process and then add filter rules based on the mark.

If you are looking for a trick to achieve that at least partly using nftables alone, yes of course you will find it. But that doesn't mean that it makes sense or that it's a solution one should recommend to anyone unless it's someone who has a particular interest in firewalls and the way they operate. A normal user can easily understand the notions "I'm at home, I'm at work, I'm at a friend's house where I can kind of trust some stuff, I'm at the airport where I don't trust anything" and a good solution is one that presents them with exactly those options that map to their view of the world. Expecting the user to start worrying about which device has which MAC address (which can also change, by the way) and deal with the minutiae of nftables syntax to filter packets based on MAC addresses is plain absurd. Most computer users are gamers, graphic artists, scientists, software developers, social media fans etc. whose interest in, and enjoyment of OS administration is exactly zero.

So when using GNOME you are not really using Linux? Using Linux means only invoking kernel syscalls in assembly? You really sound like some l33t kid to me.

I am saying he cannot claim to be using firewalld without using nfttables, all while he claims to be using firewalld by using a GUI to firewalld. You want to read my comment again and wait a little for it to sink in.

And what does a l33t kid sound like? I do not know. If they sound like 50-year olds on the Internet then perhaps I do sound like one.

Manual switching is great, until you forget to switch. But do not get hung up on it. It was merely a suggestion of what you can do, and I was not saying you would have to do it.

Actually codecs are mostly implemented using the compiler's SIMD intrinsics. Ok, technically they are basically assembly instructions.

Mate, before you lecture someone about what needs to "sink in" you really should make an effort to understand what many people have been trying to explain to you in this thread - apparently unsuccessfully so far. Firewalld uses nftables internally just like nftables use the Linux kernel which uses the CPU which uses etc... That's irrelevant. The point is that nftables bring a low level of abstraction that's not pertinent nor useful for the use cases that we are discussing here. Firewalld is designed to provide precisely that level of abstraction. Whether someone uses it through the GUI or through the CLI is irrelevant. Besides AFAIK you are wrong because the firewall-cmd command talks to firewalld through DBUS exactly the same way as the firewall-config GUI, so they are on the same level of the software stack and are both equally "native".

One of the main advantages of firewalld is that the switching is automatic. You select a zone the first time you connect somewhere, then it remembers it and will switch to it next time and every time you go there, so you don't forget. For me personally that alone is 90% of the reasons I use firewalld.