Hi,

On Wed, Dec 11, 2024 at 09:40:43AM +0000, caskd wrote:
> Hello netfilter users and devs,
>
> Following upgrade to 1.1.1 I've noticed strange behavior in the inclusion of my netfilter rulesets. Entries included via glob were duplicated. This only occurs when both -I and -f are used, due to the following commits:
>
> 6ef04f99382c074c3669de31cf0a70651662b261 libnftables: search for default include path last
> 302e9f8b3a1382cf09db32541693b5df7d80ca1e libnftables: add base directory of -f/--filename to include path
>
> Steps to replicate:
>
> Create a directory with one or more rule files.
> Include everything in the directory with include 'dir/*' from /etc/nft/rules
> Apply the rules with nft -I /etc/nft -f /etc/nft/rules
>
> If the include dir is defined as a command-line parameter then entries are duplicated, while without it they are not.
> This was not the case on 1.0.9 before these commits were present.
>
> Has someone worked on a patch for this yet? If not, I might give it a shot myself.

I don't manage to reproduce such duplication with 1.1.1.

Would you make a simpler reproducer?

What default directory do you have for nftables? You can guess via:

# nft -h | grep "\-I"

Thanks.