Package: nftables
Version: 1.0.6-2+deb12u2
Severity: minor

In production I wanted to list two sets and count how many elements are in each:

$ sudo nft -json 'list set inet my_filter my_IPS_IPv4_blacklist' | jq '.nftables[1].set.elem | length'
33

When I tried to list both sets at once (IPv4 & IPv6), nft gave confusing errors.
Below is the smallest test ruleset I found that reproduces the problem.

bash5$ sudo ip netns add delete-me
bash5$ sudo ip netns exec delete-me nft 'flush ruleset; table inet x { set xs { type ipv4_addr; }; set ys { type ipv6_addr; }; }'
bash5$ sudo ip netns exec delete-me nft list ruleset
table inet x {
        set xs {
                type ipv4_addr
        }

        set ys {
                type ipv6_addr
        }
}

bash5$ sudo ip netns exec delete-me nft 'list set inet x xs'
table inet x {
        set xs {
                type ipv4_addr
        }
}
bash5$ sudo ip netns exec delete-me nft 'list set inet x ys'
table inet x {
        set ys {
                type ipv6_addr
        }
}

bash5$ sudo ip netns exec delete-me nft 'list set inet x xs; list set inet x xs'
table inet x {
        set xs {
                type ipv4_addr
        }
}
table inet x {
        set xs {
                type ipv4_addr
        }
}
bash5$ sudo ip netns exec delete-me nft 'list set inet x ys; list set inet x ys'
table inet x {
        set ys {
                type ipv6_addr
        }
}
table inet x {
        set ys {
                type ipv6_addr
        }
}

bash5$ sudo ip netns exec delete-me nft 'list set inet x xs; list set inet x ys'
Error: No such file or directory; did you mean set ‘ys’ in table inet ‘x’?
list set inet x xs; list set inet x ys
                ^^
bash5$ sudo ip netns exec delete-me nft 'list set inet x ys; list set inet x xs'
Error: No such file or directory; did you mean set ‘xs’ in table inet ‘x’?
list set inet x ys; list set inet x xs
                ^^

bash5$ /sbin/nft --version
nftables v1.0.6 (Lester Gooch #5)
bash5$ uname -a
Linux hera 6.5.0-0.deb12.4-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.5.10-1~bpo12+1 (2023-11-23) x86_64 GNU/Linux
bash5$ dpkg-query -W linux-image-amd64 nftables
linux-image-amd64 6.5.10-1~bpo12+1
nftables 1.0.6-2+deb12u2

-- System Information:
Debian Release: 12.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.5.0-0.deb12.4-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nftables depends on:
ii  libc6         2.36-9+deb12u4
ii  libedit2      3.1-20221030-2
ii  libnftables1  1.0.6-2+deb12u2

Versions of packages nftables recommends:
ii  netbase  6.4

Versions of packages nftables suggests:
pn  firewalld  <none>

-- Configuration Files:
/etc/nftables.conf changed [not included]

-- no debconf information
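
Added example, not part of the original report and not nftables code: because a single "list ruleset" call works in the session above, the per-set element counts can be taken from one JSON dump rather than from two "list set" commands in one invocation. It assumes the JSON layout documented in libnftables-json(5); the sample document and the name count_set_elements are constructed for illustration.

```python
import json

# Constructed sample shaped like `nft --json list ruleset` output
# (object layout per libnftables-json(5)); not captured from a real host.
SAMPLE = json.dumps({"nftables": [
    {"metainfo": {"json_schema_version": 1}},
    {"table": {"family": "inet", "name": "x", "handle": 1}},
    {"set": {"family": "inet", "table": "x", "name": "xs",
             "type": "ipv4_addr", "handle": 1,
             "elem": ["192.0.2.1",
                      {"prefix": {"addr": "198.51.100.0", "len": 24}}]}},
    # An empty set carries no "elem" key at all.
    {"set": {"family": "inet", "table": "x", "name": "ys",
             "type": "ipv6_addr", "handle": 2}},
    # Same set name in another table: must not be counted.
    {"set": {"family": "ip", "table": "other", "name": "xs",
             "type": "ipv4_addr", "handle": 1, "elem": ["203.0.113.9"]}},
]})


def count_set_elements(nft_json, family, table, wanted):
    """Return {set name: number of elem entries} for the wanted sets.

    Raises KeyError if a wanted set is absent, so a typo or a missing
    blocklist is not silently reported as "0 elements".
    """
    doc = json.loads(nft_json)
    counts = {}
    for item in doc.get("nftables", []):
        s = item.get("set")
        if not s:
            continue  # metainfo, table, chain, rule, ...
        if s.get("family") != family or s.get("table") != table:
            continue
        if s.get("name") in wanted:
            # Each entry (address, prefix, range) counts as one element.
            counts[s["name"]] = len(s.get("elem", []))
    missing = sorted(set(wanted) - counts.keys())
    if missing:
        raise KeyError(f"sets not found in {family} {table}: {missing}")
    return counts


if __name__ == "__main__":
    print(count_set_elements(SAMPLE, "inet", "x", ["xs", "ys"]))
```

On a live host the input would come from something like `nft --json list ruleset`, run once, with the result passed to the function as a string.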