On Tue, Nov 12, 2024 at 03:55:13PM +0100, Thomas Koeller wrote:
> Hi,
>
> migrating my existing firewall setup from iptables + ipset to nftables, I ran into a problem.
>
> The firewall uses an ipset containing ipv4 source addresses to implement a dynamic blacklist. There are multiple rules that use this
> ipset, and these rules are in chains that belong to different tables. This doesn't seem to be possible with nftables sets, that
> apparently always have to belong to one and only one table, is this correct? At least I couldn't figure out how to create a set that
> is accessible throughout the entire ruleset.

Then, unify your tables in one global inet table.
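
The layout suggested in the reply, as an added example that is not part of the original message: a single inet table declares the set once, and chains at different hooks and priorities (the places iptables split across its raw and filter tables) all reference it. The table, set and chain names are assumptions, and the address in the comment is a constructed sample.

```nft
#!/usr/sbin/nft -f
# Added illustration; table/set/chain names are hypothetical.

table inet firewall {
    # Declared once; every chain in this table can reference it.
    set blacklist {
        type ipv4_addr
        flags timeout   # elements may carry a per-entry timeout
    }

    # Equivalent position to the iptables "raw" table (priority -300).
    chain early {
        type filter hook prerouting priority -300; policy accept;
        ip saddr @blacklist drop
    }

    # Equivalent position to iptables filter/INPUT (priority 0).
    chain input {
        type filter hook input priority 0; policy accept;
        ip saddr @blacklist drop
    }

    # Equivalent position to iptables filter/FORWARD (priority 0).
    chain forward {
        type filter hook forward priority 0; policy accept;
        ip saddr @blacklist drop
    }
}

# Populate at runtime (constructed sample address):
#   nft add element inet firewall blacklist { 192.0.2.10 timeout 1h }
```

In an inet table, `ip saddr` only matches IPv4 packets, so IPv6 traffic passes these rules untouched and needs its own `ipv6_addr` set if it is to be blacklisted as well.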