#!/bin/bash RULESET="table inet x { # comment # comment 1 # comment 2 set y { # comment here type ipv4_addr # comment elements = { # 1.1.1.1 2.2.2.2, # comment # more comments 3.3.3.3, # comment # comment } # comment } # comments are allowed here chain y { # comments are allowed here icmpv6 type { 1, # comments are allowed here 2, } accept icmp type { # comment 1, # comments also allowed here 2, } accept tcp dport { # normal FTP 21, # patched FTP 2121 } counter accept } } " $NFT -f - <<< "$RULESET"