Since ipset-7.17-r1 we've used a short suffix for temp ipset names. But as pointed out in https://bugs.gentoo.org/908235#c4, the suffix chosen, '.t', causes misbehavior when that is used to grep for the existence of a set by that name, because the . is a regex wildcard. We either need to forbid . in suffixes, or add escaping when building a regex. There's some other implicit restrictions on the characters allowed in TEMP_SUFFIX, because we embed it in sed s/// commands and such. a / is legal in a set name, but would break our init script. So we should enforce restricting and/or sanitizing more characters than just ., but anything that we can't support correctly. We also probably should quote set names more thoroughly.
I'm working on a PR that addresses the primary issue plus various additional checks.