Hi,
Are there any updates on this?
https://marc.info/?l=netfilter&m=166256224929259&w=2
I don't understand why using "nft list chain netdev firewall filter"
takes time and CPU usage even if a set has a high number of elements
since we don't show the elements in the set.
There is the filter command in the chain "nft add rule netdev firewall
filter update @ratelimit_test { ip saddr . ip daddr . th dport } counter
drop" which uses the set, but we don't see how many elements and/or which
elements are in the set.
Listing a chain should not try to load the elements in the set(s) that
are used in a filter, just as iptables with ipset does not.
It also does the same even if "counter" is not used.