Thanks a lot, Anton. It is included, indeed. Regards, Xavier On Thu, 8 Feb 2024 17:59:43 +0200 Anton <anton.khazan@xxxxxxxxx> ha escrit: > It might be included in one of the intervals, which is why grep doesn't see it. > Try this: > > nft get element inet my_table badips { 198.199.104.80 } > > > On Thu, Feb 8, 2024 at 5:22 PM Xavier B. <somenxavier@xxxxxxxxxx> wrote: > > > > Hi, > > > > I have an artix instance with nfttables there. I have several rules (attached file) but mainly I have a set of ip addresses I want to ban: > > > > table inet my_table { > > > > set badips { > > type ipv4_addr > > flags interval > > auto-merge > > elements = {1.0.147.18 } > > } > > > > chain my_input { > > ... > > ip saddr @badips drop comment "[nftables] Block ban IP" > > ... > > } > > ... > > } > > > > Until now, when I add some new IP to my badips set, everything is fine, but today is not: > > > > # nft add element inet my_table badips { 198.199.104.80 } > > # nft list ruleset | grep 198.199.104.80 > > # > > > > As you can see "nft list ruleset | grep 198.199.104.80" produces no output, which means that this IP is not added in badips set. > > > > So, I suspect nft has a theoric limit size of number of elements of a set. Is it true? Or not? If it is, what limit is that? > > > > Thanks in advance, > > Xavier >