Hi, Raw Payload Expressions - does this cause an out of bounds write? 1. Input configuration file (modification to /etc/nftables.conf): chain output { type filter hook output priority filter; @ih,58,6 set 0 \ @ih,86,6 set 0 \ @ih,170,22 set 0 \ accept; } 2. run /etc/nftables.conf 3. Output ruleset (/usr/sbin/nft list rulset): chain output { type filter hook output priority filter; policy accept; @ih,48,16 set @ih,48,16 & 0x3f \ @ih,80,16 set @ih,80,16 & 0x3f0 \ @ih,160,32 set @ih,160,32 @0x3fffff \ accept; } The mask appears correct for the first re-write, but subsequent re-writes appear to be too large. Please advise. sunny