Hello, I'm filtering Address-Ranges and Ports to let them though. However it doesn't seem to accept "flags intervals". Even the Example on the wiki isn't getting accepted! Example from https://wiki.nftables.org/wiki-nftables/index.php/Concatenations#Network_addresses flush ruleset table inet mytable { set myset { type ipv4_addr . ipv4_addr flags interval elements = { 192.168.0.0/16 . 172.16.0.0/25, 10.0.0.0/30 . 192.168.1.0/24, } } chain mychain { ip saddr . ip daddr @myset counter accept } } Error: nft -f TestD.nft TestD.nft:4:9-13: Error: Could not process rule: Invalid argument set myset { ^^^^^ When I do it without " flags interval" it gives no Error, However it deletes the Subnet ("/XX"), so it's not a feasible option for me. I have already tried adding Semicolons, no effect. Simple Sets with just one item (for example just ip ranges) to filter work just fine. Hope someone of you has an idea.
