What happens if the machine runs out of memory while adding new nftables sets atomically?

Hi folks,

While experimenting with adding nftables sets on memory-constrained
devices, I have run into OOM conditions. Currently many embedded
devices such as routers are balancing on the verge of not enough
memory if using nft sets (at least interval sets).

I know that there has been progress on the front of reducing memory
footprint, but it's not yet in the nftables versions supplied by the
distributions, so for now I have to work with the current state of
things.

To be on the safe side, currently my scripts add sets separately from
adding rules and removing sets. I'd like to ask the devs, is it safe
under these conditions to attempt performing all these actions in one
atomic operation? Is previous firewall configuration guaranteed to be
successfully restored if the operation runs into OOM?
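The post contrasts a staged approach (sets added in one step, rules and set removals in others) with a single atomic batch. The script below is an added example, not code from the original post or from the nftables project: it builds the batch text for a new interval set plus the rule that references it, validates it with `nft -c` (parse and check only, nothing touches the kernel), and then applies the whole batch with one `nft -f -` call. The table, chain and set names and the three prefixes are assumptions. A non-zero status from `nft -f` means nft reported that the batch was not committed, which is the signal the poster's scripts would key on; it does not by itself answer the OOM question, so the usage note below still verifies with `nft list ruleset`.

```shell
#!/bin/sh
# Added example (not from the original post). Builds an nft batch that
# creates an interval set, populates it and adds the rule that uses it,
# then applies the batch in one nft -f call so the kernel sees a single
# transaction. Table "inet fw", chain "input" and the set name are assumptions.

# Print the batch for a new interval set plus the rule that references it.
#   $1 = set name, remaining args = CIDR prefixes (constructed sample input).
build_batch() {
    set_name=$1; shift
    elems=""
    for cidr in "$@"; do
        elems="${elems:+$elems, }$cidr"
    done
    printf 'add table inet fw\n'
    printf 'add chain inet fw input { type filter hook input priority 0; policy accept; }\n'
    printf 'add set inet fw %s { type ipv4_addr; flags interval; }\n' "$set_name"
    printf 'add element inet fw %s { %s }\n' "$set_name" "$elems"
    printf 'add rule inet fw input ip saddr @%s drop\n' "$set_name"
}

# Apply a batch as one transaction. Returns nft's exit status: 0 means nft
# reports the whole batch committed; non-zero means nft reports failure and
# the batch should not have been applied (confirm with `nft list ruleset`).
apply_batch() {
    if ! command -v nft >/dev/null 2>&1; then
        echo "nft not found; nothing applied" >&2
        return 127
    fi
    # Dry run first: -c parses and validates without changing the ruleset.
    printf '%s\n' "$1" | nft -c -f - || return $?
    printf '%s\n' "$1" | nft -f -
}

# Usage with three constructed prefixes as sample input.
batch=$(build_batch blocklist 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16)
rc=0
apply_batch "$batch" || rc=$?
if [ "$rc" -eq 0 ]; then
    echo "batch committed; check with: nft list ruleset" >&2
else
    echo "batch rejected (status $rc); inspect with: nft list ruleset" >&2
fi
```

Run as root on a host with nft installed; on a host without nft the script reports that and exits without touching anything. Keeping the dry run separate from the real apply means a syntax or type error in a large set is caught before the kernel is asked to allocate anything for it.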
