Package: nftables
Version: 0.9.1-2
Severity: minor

The nftables file parser allows newlines in literal sets and maps. It allows comments in them -- but it doesn't allow comments on their own line. I think this is a mistake, and the parser should be changed to allow them.

A simple example ruleset is below.

# cat tmp.nft
table inet x {
    # comments are allowed here
    chain y {
        # comments are allowed here
        icmpv6 type {
            1, # comments are allowed here
            2,
        } accept
        icmpv6 type {
            1,
            # comments AREN'T allowed here
            2,
        } accept
    }
}
list ruleset

root@not-omega:~# nft --file tmp.nft
tmp.nft:12:43-43: Error: syntax error, unexpected newline, expecting comma or '}'
            # comments AREN'T allowed here
                                          ^
tmp.nft:13:14-14: Error: syntax error, unexpected comma
            2,
             ^
tmp.nft:14:11-16: Error: syntax error, unexpected accept, expecting newline or semicolon
        } accept
          ^^^^^^

PS: it also doesn't allow blank lines, e.g.

add table x
add chain x y
add rule x y ip saddr {
    1,

    2,
} accept

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (990, 'stable'), (500, 'proposed-updates'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
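One way to load such a ruleset on nft 0.9.1 without changing its meaning, as an added workaround that is not part of the report or of nftables: a pre-processor that folds each comment-only line onto the preceding element line (as a trailing comment, which the parser does accept) and drops blank lines there. It assumes, from the report's two examples, that the problematic lines are those following a line whose code ends with a comma.

```python
"""Fold comment-only lines and drop blank lines inside nft set/map literals.

Assumed workaround, not nftables code: nft 0.9.1 accepts "1, # note" but
rejects a comment on its own line (or a blank line) after "1,". Folding the
comment onto the element line keeps every comment and changes no rule.
"""
import sys


def code_part(line: str) -> str:
    """Return LINE without its trailing '#' comment, honouring double-quoted
    strings so a '#' inside a quoted string (e.g. a rule comment) is kept."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "#" and not in_string:
            return line[:i]
    return line


def fold_set_comments(text: str) -> str:
    """Rewrite TEXT so no comment-only or blank line follows a line whose
    code ends in ',' (i.e. an element of an open set or map literal)."""
    out = []
    for line in text.splitlines():
        stripped = line.strip()
        prev_code = code_part(out[-1]).rstrip() if out else ""
        after_element = prev_code.endswith(",")
        if after_element and stripped == "":
            continue                                   # blank line in a literal: drop
        if after_element and stripped.startswith("#"):
            out[-1] = out[-1].rstrip() + " " + stripped  # fold onto the element line
            continue
        out.append(line)
    return "\n".join(out) + "\n"


# Constructed sample with both failure modes from the report: a comment-only
# line and a blank line between set elements, plus a '#' inside a string.
SAMPLE = """table inet x {
    chain y {
        icmpv6 type {
            1,
            # comments AREN'T allowed here
            2,
        } accept
        ip saddr {
            10.0.0.1,

            10.0.0.2,
        } accept comment "rule #2"
    }
}
"""

if __name__ == "__main__":
    sys.stdout.write(fold_set_comments(sys.stdin.read() if not sys.stdin.isatty() else SAMPLE))
```

Pipe a ruleset through it (`python3 fold.py < tmp.nft | nft -c -f -`) to check that the folded file parses before loading it.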