
Feature Request: Set metrics

Open cp-jordan opened this issue 6 months ago • 2 comments

Description

Similar to what exists for counting rules in chains and chains in tables, it would be helpful to have a gauge of sets in a table and elements in a set. Sets are often used for blacklists & whitelists. It can be helpful to monitor the number and sizes of these. Here are some proposed metrics:

nftables_table_sets{family="inet",name="filter"} 2.0
nftables_table_sets{family="ip",name="nat"} 3.0

nftables_set_elements{family="inet",name="whitelist",table="filter"} 30.0
nftables_set_elements{family="inet",name="blacklist",table="filter"} 4125.0

cp-jordan avatar Oct 31 '25 20:10 cp-jordan

Hi, thanks for your suggestion. I do not fully understand what you would like to achieve. As this is an open source project, we are open to contributions, and it will probably be clearer if you open a pull request for what you actually require.

majst01 avatar Nov 02 '25 09:11 majst01

https://wiki.nftables.org/wiki-nftables/index.php/Sets

nftables uses sets for a variety of purposes: Lists of IPs, lists of ports, etc. In particular, I'm interested in named sets, which persist outside of a particular rule.

What I would like to see is for the exporter to gather metrics on those named sets, e.g. seeing how many there are and how many items (elements) they contain. (E.g. if I have a rule that grants network access to a set of IPs named 'whitelist', it would be important to know if that set changes in size from 5 IPs to 500 IPs.)

If this is not something anyone else will be able to do or be interested in doing, and I can find some time, I will consider contributing.

cp-jordan avatar Nov 04 '25 19:11 cp-jordan
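A sketch of the two gauges requested in this thread, as an added example that is not code from nftables-exporter or from either commenter. It assumes the input has the shape of `nft -j list ruleset` output; the `SetMetrics` name and the sample ruleset are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed sample shaped like `nft -j list ruleset` output, not captured from a host.
const sampleRuleset = `{"nftables":[{"metainfo":{"json_schema_version":1}},
 {"table":{"family":"inet","name":"filter","handle":1}},
 {"set":{"family":"inet","name":"whitelist","table":"filter","type":"ipv4_addr","handle":2,
  "elem":["192.0.2.10","192.0.2.11",{"prefix":{"addr":"198.51.100.0","len":24}}]}},
 {"set":{"family":"inet","name":"blacklist","table":"filter","type":"ipv4_addr","handle":3}},
 {"table":{"family":"ip","name":"nat","handle":4}}]}`

type obj struct { // fields shared by "table" and "set" objects; extra keys are ignored
	Family, Name, Table string
	Elem                []json.RawMessage // absent when the set is empty
}
type ruleset struct{ Nftables []struct{ Table, Set *obj } }

// SetMetrics (hypothetical name) returns sorted exposition lines for the two proposed gauges.
// A prefix or range entry counts as one element, not as the addresses it covers.
func SetMetrics(nftJSON []byte) ([]string, error) {
	var rs ruleset
	if err := json.Unmarshal(nftJSON, &rs); err != nil {
		return nil, err
	}
	perTable := map[[2]string]int{}
	lines := []string{}
	for _, o := range rs.Nftables {
		if o.Table != nil { // register the table so one without sets still reports 0
			perTable[[2]string{o.Table.Family, o.Table.Name}] += 0
		}
		if s := o.Set; s != nil {
			perTable[[2]string{s.Family, s.Table}]++
			lines = append(lines, fmt.Sprintf("nftables_set_elements{family=%q,name=%q,table=%q} %d",
				s.Family, s.Name, s.Table, len(s.Elem)))
		}
	}
	for k, n := range perTable {
		lines = append(lines, fmt.Sprintf("nftables_table_sets{family=%q,name=%q} %d", k[0], k[1], n))
	}
	sort.Strings(lines)
	return lines, nil
}

func main() { fmt.Println(SetMetrics([]byte(sampleRuleset))) }
```

Because a CIDR prefix is one element, a small change in `nftables_set_elements` on an allow-list can still widen access considerably, so an alert on this gauge complements a review of the set contents rather than replacing it.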