Re: nft terse set listing issue: netlink: Error: Unknown set in lookup expression

Yes, that's a bug:

http://git.netfilter.org/nftables/commit/?id=9628d52e46ac7022512149e7f5d3aefa226bbe25

On Wed, Oct 27, 2021 at 05:03:44PM -0500, Chris Arges wrote:
Hi, I was wondering if it is possible to do terse listings of rulesets and
ensure that set names are also visible.

For example if I have the following example:

#!/usr/sbin/nft -f
table inet filter {
    set example {
        type ipv4_addr
        flags interval
        auto-merge
        elements = { 10.10.10.10, 10.10.11.11 }
    }

    chain input {
        type filter hook prerouting priority filter; policy accept;
        ip saddr @example drop
    }
}

If I do the listing in v1.0.0, I will see the following:

$ sudo nft -t list ruleset
table inet filter {
    set example {
        type ipv4_addr
        flags interval
        auto-merge
    }

    chain input {
        type filter hook prerouting priority filter; policy accept;
        ip saddr @example drop
    }
}

In the latest master I see the following:

$ sudo nft -t list ruleset
table inet filter {
        chain input {
                type filter hook prerouting priority filter; policy accept;
                meta nfproto ipv4 drop
        }
}
netlink: Error: Unknown set 'example' in lookup expression

The old behavior is nice in that the set name is present without the
contents of the set.

Thanks,

--chris



