Hi, On Thu, Dec 12, 2024 at 10:33:14AM +0000, caskd wrote: > > I don't manage to reproduce such duplication with 1.1.1. > > > > Would you make a simpler reproducer? > Yes, surely. I've tested the following in a priviledged debian unstable container and i have the same behavior. > > mkdir -p /tmp/test/include > echo > /tmp/test/main <<-EOF > table inet test { > chain test { > include "include/*"; > } > } > EOF > echo "tcp dport 22 accept;" > /tmp/test/include/one > echo "tcp dport 25 accept;" > /tmp/test/include/two > nft -e -I /tmp/test/ -f /tmp/test/main > > Executing this on 1.1.1 results in the following being executed/outputted: > root@nnd-navi:/tmp/test# nft -e -I /tmp/test/ -f /tmp/test/main > add table inet test > add chain inet test test > add rule inet test test tcp dport 22 accept > add rule inet test test handle 2 tcp dport 25 accept > add rule inet test test handle 3 tcp dport 22 accept > add rule inet test test tcp dport 25 accept Thanks for your reproducer. I am proposing the following fix for this issue: https://patchwork.ozlabs.org/project/netfilter-devel/patch/20241212222436.179133-1-pablo@xxxxxxxxxxxxx/