Created attachment 764088: emerge --info

I upgraded from net-firewall/nftables-0.9.4-r2 to the latest stable net-firewall/nftables-1.0.0 due to a Python update inside the Portage tree. Nftables started at boot with the old /var/lib/nftables/rules-save, but I can't save a new one. /etc/init.d/nftables save doesn't work. Also, I can't see the ruleset: nft list ruleset shows me empty output without any errors.
The minimal ruleset to reproduce is the following. Logging in as root:

# su -

Ruleset became empty after upgrade of nftables:

# nft list ruleset
<empty>

But I still have all rules inside /var/lib/nftables/rules-save and they are loaded during boot.

Clear all rules:

# nft flush ruleset

Load first default IPv4 filter rules from file:

# nft -f /usr/share/nftables/ipv4-filter.nft

Ruleset is still empty:

# nft list ruleset
<empty>

Trying to save nftables state fails:

# /etc/init.d/nftables save
nftables | * Saving nftables state ... [ !! ]

Then I usually can load my old ruleset using (saving doesn't work):

nft -f /var/lib/nftables/rules-save

I see that nftables itself loads rules and works in the kernel, but I can't see the rules at all. The nftables script also can't save loaded rules. I also see that I can change rules. For example, I can break Internet behind NAT and then get it back with the loading of the good old rules-save. Is it an upstream bug? What has changed between nftables-0.9.4 and nftables-1.0.0?
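An added example, not from the bug report and not Gentoo's nftables init script: a guarded save that refuses to overwrite the persisted ruleset when the live dump comes back empty, which is the symptom described above (rules active in the kernel while nft list ruleset prints nothing). The function names, the exit codes and the choice to pass the dump command and target path as parameters are assumptions made so the logic can be exercised without nft or root; in real use the dump command would be "nft list ruleset" and the target /var/lib/nftables/rules-save.

```shell
#!/bin/sh
# Guarded ruleset save (added example, hypothetical helper names).
# Assumption: the dump command and target path are parameters so the
# function can run without nft or root, e.g.
#   safe_save_ruleset "nft list ruleset" /var/lib/nftables/rules-save

# Return 0 if stdin holds at least one line that is neither blank nor a
# '#' comment (i.e. a table, chain or rule), 1 otherwise.
ruleset_has_rules() {
    grep -Eq '^[[:space:]]*[^#[:space:]]'
}

# safe_save_ruleset DUMP_CMD TARGET
# Runs DUMP_CMD and writes its output to TARGET only if it contains rules.
# Exit codes: 0 saved; 2 dump was empty (TARGET left untouched);
#             3 the dump command itself failed (TARGET left untouched).
safe_save_ruleset() {
    ssr_dump_cmd=$1
    ssr_target=$2
    ssr_tmp="${ssr_target}.tmp.$$"

    # Capture the dump into a scratch file first so a failing or empty
    # dump never touches the real saved ruleset.
    if ! sh -c "$ssr_dump_cmd" > "$ssr_tmp" 2>/dev/null; then
        rm -f "$ssr_tmp"
        return 3
    fi
    if ! ruleset_has_rules < "$ssr_tmp"; then
        rm -f "$ssr_tmp"
        return 2
    fi
    # Atomic replace: a crash mid-write cannot leave a truncated file.
    mv -f "$ssr_tmp" "$ssr_target"
    return 0
}
```

The point of the guard is that the saved file is what restores the firewall at the next boot: if a listing bug makes the live dump empty, a naive save would replace a working ruleset with nothing, and the machine would come up with no firewall rather than with its old rules.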
I've just upgraded net-firewall/nftables from 1.0.0 to 1.0.1-r2 and net-libs/libnftnl from 1.2.0-r1 to 1.2.1, and the "nft list ruleset" command has started to work. So, it's either an incompatibility of libnftnl-1.2.0-r1 with nftables-1.0.0 or something like that. BTW, it doesn't depend on kernel updates. But I also tested with sys-kernel/gentoo-sources-4.4.302 [EOL].
Rules saving also works after the update. But it is now in numeric form due to SAVE_OPTIONS="-n" in /etc/conf.d/nftables.
This bug is fixed after update to nftables-1.0.1-r2 and libnftnl-1.2.1.