Re: nftables: Internal error when checking rules

On Sunday, March 26th, 2023 at 02:46, Serg <seentr@xxxxxxxxxxxx> wrote:
> Today I have encountered strange behaviour of `nft -cf` - I receive
> an error message with exit code 1. The error message is
> "internal:0:0-0: Error: Could not process rule: File exists".
> 
> My configuration consists of several files and I have found the one that
> is causing this error - it is a set with a list of networks in CIDR format.
> The file is pretty big - it takes 15K on its own (it does not contain
> any rules at all, just a single set).

Hi Serg,

The only reference to "File exists" I could find was in the test linked
below, so maybe that's a starting point.

https://git.netfilter.org/nftables/tree/tests/shell/testcases/sets/0057set_create_fails_0

That leads me to search for NFT_MNL_ACK_MAXSIZE, and into

https://git.netfilter.org/nftables/tree/src/mnl.c

where the mnl_batch_talk function has a socket receive buffer of that
size.  It could indeed be that your set contents are just too large and
you need to break it into several smaller "add" pieces???

Eric
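Eric's suggestion of breaking the set into smaller "add" pieces, as an added example that is not part of the thread: a shell function that reads a plain list of CIDRs (one per line) and emits an nft script declaring the set once and then adding its elements in chunks, so no single "add element" carries the whole list. The table name "inet filter", the set name "blocklist" and the chunk size are placeholders, and the generated file should still be verified with `nft -c -f` because the size at which the error disappears is not known from the thread.

```shell
#!/bin/sh
# Emit an nft script that declares an interval set of IPv4 networks once
# and then populates it with several "add element" statements of at most
# CHUNK entries each, instead of one statement holding every network.
# Assumed names (placeholders): table "inet filter", set "blocklist".
# Usage: split_set_elements CIDR_LIST_FILE [CHUNK] > blocklist.nft
#        nft -c -f blocklist.nft     # syntax/consistency check only
split_set_elements() {
    list="$1"
    chunk="${2:-200}"
    # Table and set are created idempotently; "flags interval" is required
    # for CIDR prefixes to be accepted as set elements.
    printf 'add table inet filter\n'
    printf 'add set inet filter blocklist { type ipv4_addr; flags interval; }\n'
    # Drop blank lines and '#' comments, then group the remaining lines
    # (first field = the CIDR) into comma-separated batches of CHUNK.
    grep -Ev '^[[:space:]]*(#|$)' "$list" | awk -v n="$chunk" '
        { buf = (buf == "" ? $1 : buf ", " $1) }
        NR % n == 0 {
            printf "add element inet filter blocklist { %s }\n", buf
            buf = ""
        }
        END {
            if (buf != "")
                printf "add element inet filter blocklist { %s }\n", buf
        }'
}
```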
