#nftables #netfilter #linux #iac

nftables syntax peculiarities

nftables has some peculiarities in its syntax.

One of my "favorites" is the fact that you can't define an empty set using the elements keyword with a literal set contents. For example, let's create a table:

nft add table test_tbl

Now we can add a set:

nft add set test_tbl test_set { type inet_service\; }

This set is empty - that works just fine. We could also initialize it with some values from the get-go:

nft add set test_tbl test_set { type inet_service\; elements = {80}}

But what is not possible (nftables v1.0.6) is using a literal elements block while keeping the set empty:

nft add set test_tbl test_set { type inet_service\; elements = {}}

The above will result in:

Error: syntax error, unexpected '}'
add set test_tbl test_set { type inet_service; elements = {} }
                                                           ^
Error: syntax error, unexpected end of file
add set test_tbl test_set { type inet_service; elements = {} }
^

That is non-intuitive, and also unfortunate when templating nftables config files and filling elements from a variable, because the empty-iterable case must be handled separately.

Sometimes it's a matter of a simple if, but depending on the language, and on whether we already hold a reference to the final values or need to create them on the fly, this can become a nuisance.

Also, let's not forget all those looming bugs, just waiting for the edge case of the empty set.
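As an added example (my own code, not from the post) of handling that edge case when generating an nft -f table file from Python: the naive renderer emits the elements clause unconditionally and produces exactly the invalid elements = {} for an empty list, while the fixed one drops the clause. The function names, the inet family and the test_tbl/test_set values are assumptions for illustration.

```python
# Added example, not part of the post: generating an "nft -f" table file from
# Python. "elements = {}" is rejected by nft (v1.0.6 per the post), so the
# clause must be omitted for an empty iterable, not emitted empty.
from typing import Dict, Iterable, List, Tuple


def render_set_naive(name: str, set_type: str, elements: Iterable[object]) -> str:
    """Buggy version: always writes the elements clause, so an empty list
    produces the very "elements = {}" that nft refuses to parse."""
    joined = ", ".join(str(e) for e in elements)
    return "set " + name + " {\n    type " + set_type + "\n    elements = {" + joined + "}\n}"


def render_set(name: str, set_type: str, elements: Iterable[object]) -> str:
    """Fixed version: materialise the iterable once (it may be a one-shot
    generator built on the fly) and only emit the clause when non-empty."""
    items = [str(e) for e in elements]
    lines = [f"set {name} {{", f"    type {set_type}"]
    if items:  # the empty-iterable case: no elements clause at all
        lines.append("    elements = {" + ", ".join(items) + "}")
    lines.append("}")
    return "\n".join(lines)


# Each set is described as (type, elements); elements may be any iterable.
SetSpec = Tuple[str, Iterable[object]]


def render_table(family: str, table: str, sets: Dict[str, SetSpec]) -> str:
    """Render a whole table block, indenting each set definition by 4 spaces."""
    body: List[str] = []
    for name, (set_type, elements) in sets.items():
        body.extend("    " + line for line in render_set(name, set_type, elements).splitlines())
    return "\n".join([f"table {family} {table} {{", *body, "}"]) + "\n"


if __name__ == "__main__":
    # Constructed input: one empty set, one filled from a generator "on the fly".
    print(render_table("inet", "test_tbl", {
        "test_set": ("inet_service", []),
        "web_ports": ("inet_service", (p for p in (80, 443))),
    }))
```

The rendered file can be checked without loading it via nft -c -f <file>, which is a cheap guard against this class of templating bug in a deployment pipeline.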

Anyway, there is probably some good reason for this.