Hi *,
I wonder why I cannot give an element of a set a comment like with the
old `ipset`, neither via the syntax `set my-set {}` nor by
`nft add element filter my-set`.
The man page does mention "comment" only for the whole set.
Is this a planned feature or how do others keep /notes/ on their set entries?
What comes to my mind is, e.g., the use case of a set with prefixes used by a CDN
which gets updates, removals, or addons over time, and I want to, e.g.,
attach a ticket ID to each element.
Another "issue" I've encountered is the parsing of comments in a config
file when using `#` within an "elements" block:
```
# This works just fine as expected:
set net_docu {
	type ipv4_addr
	flags interval
	elements = {
		192.0.2.0/24,
		198.51.100.0/24,
		203.0.113.0/24
	}
}

# This does not work:
# "Remove" an entry by prefixing a line with a hash-sign
set net_docu {
	type ipv4_addr
	flags interval
	elements = {
		192.0.2.0/24, # Documentation (TEST-NET-1)
		# 198.51.100.0/24, # Documentation (TEST-NET-2)
		203.0.113.0/24 # Documentation (TEST-NET-3)
	}
}

root@buster:~# nft -f /etc/nftables.conf
/etc/nftables.conf:60:50-50: Error: syntax error, unexpected newline, expecting comma or '}'
# 198.51.100.0/24, # Documentation (TEST-NET-2)
^
/etc/nftables.conf:61:25-35: Error: syntax error, unexpected string
203.0.113.0/24 # Documentation (TEST-NET-3)
^^^^^^^^^^^

# This however works
# Prefix a line containing an unwanted element with a comma, followed by
# a spaced hash-sign
set net_docu {
	type ipv4_addr
	flags interval
	elements = {
		192.0.2.0/24, # Documentation (TEST-NET-1)
		, # 198.51.100.0/24, # Documentation (TEST-NET-2)
		203.0.113.0/24 # Documentation (TEST-NET-3)
	}
}
```
I'm using Debian Buster 4.19.0-5-amd64 with nftables 0.9.0-2.
Thanks.
Bernd
PS: I've also not found any reference for "meta-sets" like with `ipset`:
Create a bunch of sets, and group them in a set of type 'list:set'.
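
One way to keep per-element notes in a side list and generate the set from it, as an added example that is not part of the original post and not nftables code: disabled entries are dropped rather than left as full-line `#` comments (the form that fails above), and notes are emitted only as trailing comments on element lines (the form reported as working above). The list format, the `!` marker, the function names and the ticket IDs are assumptions made for this sketch.

```python
import ipaddress

# Constructed sample input: "prefix ticket [note]" per line.
# A leading "!" marks an entry as disabled: kept in this list, not rendered.
ANNOTATED = """\
192.0.2.0/24     TICKET-0001  Documentation (TEST-NET-1)
!198.51.100.0/24 TICKET-0002  Documentation (TEST-NET-2)
203.0.113.0/24   TICKET-0003  Documentation (TEST-NET-3)
"""

def parse_entries(text):
    """Return (network, ticket, note, enabled) tuples; raise on malformed lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        enabled = not line.startswith("!")
        fields = line.lstrip("!").split(None, 2)
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: expected 'prefix ticket [note]'")
        # strict=True rejects prefixes with host bits set (e.g. 192.0.2.1/24)
        net = ipaddress.ip_network(fields[0], strict=True)
        if net.version != 4:
            raise ValueError(f"line {lineno}: set type is ipv4_addr")
        note = fields[2] if len(fields) == 3 else ""
        entries.append((net, fields[1], note, enabled))
    return entries

def render_set(name, entries):
    """Render an nft set definition containing only the enabled entries."""
    active = sorted((e for e in entries if e[3]), key=lambda e: e[0])
    if not active:
        raise ValueError("no enabled entries to render")
    lines = [f"set {name} {{", "\ttype ipv4_addr", "\tflags interval",
             "\telements = {"]
    for i, (net, ticket, note, _) in enumerate(active):
        sep = "," if i < len(active) - 1 else ""  # no comma after the last one
        # The comment always follows an element on the same line.
        lines.append(f"\t\t{net}{sep} # {ticket} {note}".rstrip())
    lines += ["\t}", "}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(render_set("net_docu", parse_entries(ANNOTATED)), end="")
```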