Created attachment 766614 [details] emerge --info When there are rules with multiple items in the line (ie tpc dport { 80, 443 } log or ip saddr { 10.1.10.1, 10.1.10.250 } accept and using the --terse option for nft (nft -t list ruleset) results are printed up to the line before the group, the next line contains segfault, and no other lines are printed. I noticed the problem with nftables-1.0.1-r2. I installed nftables-1.0.1-r1 and did not have the issue. I installed nftables-1.0.2-r1 and did not have the issue.
The difference between 1.0.1-r1 and 1.0.1-r2 is really small: it just fixes the Python bindings (https://gitweb.gentoo.org/repo/gentoo.git/commit/net-firewall/nftables?id=bb71ed3992d7a0aa8bc221b4ee52dd4ef091d191, bug 832395).
(In reply to Sam James from comment #1) > The difference between 1.0.1-r1 and 1.0.1-r2 is really small: it just fixes > the Python bindings > (https://gitweb.gentoo.org/repo/gentoo.git/commit/net-firewall/ > nftables?id=bb71ed3992d7a0aa8bc221b4ee52dd4ef091d191, bug 832395). Sorry, even less: https://gitweb.gentoo.org/repo/gentoo.git/commit/net-firewall/nftables?id=a90213e9289ee8d04a062c163158b70e92f8db16. Nothing changed in the codebase. Just added a := dep on iptables to get rebuilt when its ABI changes.
Version 1.0.1 introduced a regression affecting the combination of --terse and anonymous sets that 1.0.2 resolved by way of the following commit. https://git.netfilter.org/nftables/commit/?id=8492878961248b4b53fa97383c7c1b15d7062947 Assuming that there are no further complaints, I would suggest closing this bug.
(In reply to Kerin Millar from comment #3) > Version 1.0.1 introduced a regression affecting the combination of --terse > and anonymous sets that 1.0.2 resolved by way of the following commit. > > https://git.netfilter.org/nftables/commit/ > ?id=8492878961248b4b53fa97383c7c1b15d7062947 > > Assuming that there are no further complaints, I would suggest closing this > bug. Thanks.
