Hi, I am using nftables with geoip sets. When I have larger sets in my ruleset and I want to atomically update the entire ruleset, I start with destroy table inet filter and then continue with my new ruleset. When the sets are larger I now always get an error: ./main.nft:13:1-26: Error: Could not process rule: Cannot allocate memory destroy table inet filter ^^^^^^^^^^^^^^^^^^^^^^^^^^ along with the kernel message percpu: allocation failed, size=16 align=8 atomic=1, atomic alloc failed, no space left This also happens when I use delete instead of destroy. This seems to be an issue with allocating atomic memory in the netfilter kernel code. Does anyone have a hint what is going on and how to debug it or maybe a suggestion for a patch? Best and thanks Sven
