<html>
    <head>
      <base href="https://bugzilla.netfilter.org/" />
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_NEW "
   title="NEW - 'define' functionality not sufficient for maintaining sets and the like"
   href="https://bugzilla.netfilter.org/show_bug.cgi?id=1174">1174</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>'define' functionality not sufficient for maintaining sets and the like
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>nftables
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>unspecified
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>NEW
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>enhancement
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>P5
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>nft
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>pablo@netfilter.org
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>netfilter@allycomm.com
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Objective -- define in a single location a list of ports to be used in
initializing sets and in rules

Result -- no "obvious" way to do this

Expected -- define would either be a straight textual substitution, or would be
able to accept a notation appropriate for defining sets, maps, and the like
that need to be consistent across multiple uses in rule sets

The following fail, in various ways when trying to use
 elements = { $some_ports }

* define some_ports = { 80, 443 }
* define some_ports = 80, 443
* define some_ports = http, https
* define some_ports = 80

* define some_ports = "{ 80, 443 }"
fails when trying to use
  elements = $some_ports

* define no_ports = { } 
fails, as does directly using
* elements = { }

Agreed, can omit the elements declaration, but important:
* To clearly indicate that the intended initial condition is empty
* For automated script-generation tools which would otherwise need to test for
and branch if there were no elements

Typical context:

table ip global {

    set forwarded_ports {
        type inet_service
    elements = { 80, 443 }
    }

    set some_ports_set {
        type inet_service
    elements = { $some_ports }
    }

    set no_forwarded_ports {
        type inet_service
#    elements = {  }    # fails
    }

}</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are watching all bug changes.</li>
      </ul>
    </body>
</html>