It was reported via http://bugzilla.opensuse.org/show_bug.cgi?id=1171321 that nft exhibits a crash parsing the command line. This problem still exists as of 93eeceb50078e6ca54636017ee843cbeffbb4179. » nft add rule inet traffic-filter input tcp dport { 22, 80, 443 } accept Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7f64f1e in erec_print (octx=0x55555555d2c0, erec=0x55555555fcf0, debug_mask=0) at erec.c:95 95 switch (indesc->type) { (gdb) bt #0 0x00007ffff7f64f1e in erec_print (octx=0x55555555d2c0, erec=0x55555555fcf0, debug_mask=0) at erec.c:95 #1 0x00007ffff7f65523 in erec_print_list (octx=0x55555555d2c0, list=0x7fffffffdd20, debug_mask=0) at erec.c:190 #2 0x00007ffff7f6d7d6 in nft_run_cmd_from_buffer (nft=0x55555555d2a0, buf=0x55555555db20 "add rule inet traffic-filter input tcp dport { 22, 80, 443 } accept") at libnftables.c:459 #3 0x0000555555556ef0 in main (argc=14, argv=0x7fffffffded8) at main.c:455 (gdb) p indesc $1 = (const struct input_descriptor *) 0x0
