Gio,

Just out of curiosity, how many elements did you have? I just dug through the code, I think this is the right spot: https://git.netfilter.org/nftables/tree/src/evaluate.c#n2356 and it looks like only a lower bound (no empty sets) is enforced on anonymous sets.

I then created a rule with ~540 IPv4 elements and another with 375 IPv6 elements (strange numbers because I already had a script with a bunch of IPs in it), and it created the rules just fine.

Eric

------- Original Message -------
On Friday, January 13th, 2023 at 21:05, Gio <gioflux@xxxxxxxxx> wrote:

> thank you! this got me going into the right direction.
>
> It appears that I had too many IPv6 addresses inside an anonymous Set
> - I wasn't aware there was a limit of how many elements could be
> within a set (inside curly brackets)?
>
> There is no mention of a limit of how many in
> https://wiki.nftables.org/wiki-nftables/index.php/Sets - unless I
> missed something.
>
> On Fri, Jan 13, 2023 at 11:14 AM Eric evil.function@xxxxxxxxx wrote:
>
> > Off the top of my head, --echo and --debug all will increase the quantity of output (the latter quite a lot).
> >
> > Eric
> >
> > ------- Original Message -------
> > On Thursday, January 12th, 2023 at 23:05, Gio gioflux@xxxxxxxxx wrote:
> >
> > > Hi,
> > > I have a relatively small config.nft file with ~220 lines that I am
> > > trying to load onto my system. When I do this I get the below error
> > > message.
> > >
> > > The ruleset is very small, so I don't expect this to be a buffer
> > > issue. Are there any recommended troubleshooting steps or perhaps a
> > > way to load the file in a more verbose way to see in which line of the
> > > config.nft file this error is triggered?
> > >
> > > Thanks.
> > >
> > > root@nf:~/nftables-geoip# nft -f noverbose.nft
> > > netlink: Error: Could not process rule: Message too long
> > > root@nf:~/nftables-geoip# wc -l noverbose.nft
> > > 221 noverbose.nft
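
Added example (not part of the thread and not nftables code): a small Python scanner for the question asked above, which line of the file holds the oversized anonymous set. It lists every anonymous set with its line number and element count; the brace classification is a heuristic assumed here, and the sample ruleset is constructed.

```python
import re
# Heuristic (assumed): keywords that open a block, not an anonymous set.
STRUCTURAL = {"table", "chain", "set", "map", "flowtable"}

def _closing_brace(text, start):
    """Index of the '}' matching the '{' at text[start]."""
    depth = 0
    for j in range(start, len(text)):
        depth += {"{": 1, "}": -1}.get(text[j], 0)
        if depth == 0:
            return j
    raise ValueError("unbalanced braces")

def anonymous_sets(ruleset):
    """Return [(line_no, element_count, rule_prefix)] in file order."""
    text = re.sub(r"#[^\n]*", "", ruleset)      # drop comments, keep newlines
    found, stmt_start, i = [], 0, 0
    while i < len(text):
        if text[i] in "\n;}":
            stmt_start = i + 1                  # next statement starts here
        elif text[i] == "{":
            prefix = text[stmt_start:i].strip()
            first = prefix.split()[0] if prefix else ""
            if first in STRUCTURAL:
                stmt_start = i + 1              # descend into the block body
            else:
                end = _closing_brace(text, i)
                if not prefix.endswith("="):    # "elements = {...}": named set
                    count = sum(1 for e in text[i + 1:end].split(",") if e.strip())
                    found.append((text.count("\n", 0, i) + 1, count, prefix))
                i = end                         # skip past the set's '}'
        i += 1
    return found

# Constructed sample ruleset (documentation addresses), not the poster's file.
SAMPLE = """\
table inet filter {
    set allowed {
        type ipv4_addr
        elements = { 192.0.2.1, 192.0.2.2 }
    }
    chain input {
        type filter hook input priority 0; policy accept;
        tcp dport { 22, 443 } accept
        ip6 saddr { 2001:db8::1, 2001:db8::2,
                    2001:db8::3 } drop
    }
}
"""
print(max(anonymous_sets(SAMPLE), key=lambda r: r[1]))  # largest anonymous set
```

Run against a real file with `anonymous_sets(open("noverbose.nft").read())` and sort by the count to see which rule carries the most elements.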