On 3/27/23 18:05, Pablo Neira Ayuso wrote:
> It is a userspace bug in error reporting, patch is here:
>
> https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230327145045.33797-1-pablo@xxxxxxxxxxxxx/
>
> I recommend you split that superlong line
>
> Now it shows this:
>
> # nft -f ruleset.nft
> ruleset.nft:402:1-16: Error: Could not process rule: File exists
> 8.9.10.11/30,
> ^^^^^^^^^^^^^
>
> instead of the internal location.
Thanks for pointing this out. Now I have figured out that the behaviour of nftables differs from my expectation because of the absence of the line "flush ruleset" at the beginning of the main ruleset file; thus the reload caused entries to be added rather than an atomic replacement with the newest config.
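As an added illustration (not code from this thread or from the nftables project), here is a small Python pre-load check for the situation above: it tells whether a ruleset file begins with "flush ruleset" (so that `nft -f` applies it as one transaction that replaces the active ruleset instead of adding to it), and it parses the `file:line:col-col: Error: ...` location that nft now reports so the failing line can be mapped back to the source. The ruleset contents and the error line are constructed samples.

```python
import re
from typing import Optional

# Constructed sample: a ruleset file without a leading "flush ruleset".
# Loading it with "nft -f" adds to whatever is already active, so a reload
# re-adds elements and fails with "File exists" on the duplicates.
RULESET_APPEND_ONLY = """#!/usr/sbin/nft -f
# main ruleset
table inet filter {
    set allowed { type ipv4_addr; flags interval; elements = { 8.9.10.11/30 } }
}
"""

# The same file with "flush ruleset" first: nft -f then replaces the whole
# active ruleset atomically. Note that this also drops tables created by
# other tools on the host, so it is only right for the single source of truth.
RULESET_ATOMIC = "#!/usr/sbin/nft -f\nflush ruleset\n" + RULESET_APPEND_ONLY.split("\n", 1)[1]


def first_statement(text: str) -> Optional[str]:
    """Return the first line that is not blank, a comment or the shebang."""
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        return stripped
    return None


def is_atomic_replacement(text: str) -> bool:
    """True when the file starts with "flush ruleset" (optional trailing ';')."""
    first = first_statement(text)
    return first is not None and re.fullmatch(r"flush\s+ruleset\s*;?", first) is not None


# Matches e.g. "ruleset.nft:402:1-16: Error: Could not process rule: File exists"
ERROR_RE = re.compile(
    r"^(?P<file>[^:]+):(?P<line>\d+):(?P<col>\d+)(?:-(?P<end>\d+))?: Error: (?P<msg>.*)$"
)


def parse_nft_error(line: str) -> Optional[dict]:
    """Split an nft error line into file, line, column range and message."""
    m = ERROR_RE.match(line)
    if not m:
        return None
    return {
        "file": m.group("file"),
        "line": int(m.group("line")),
        "col_start": int(m.group("col")),
        "col_end": int(m.group("end") or m.group("col")),
        "message": m.group("msg"),
    }
```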