From c2e0a2e90a21c1168f0c1dcda8dfef514af9e468 Mon Sep 17 00:00:00 2001
From: Grant Slater <github@firefishy.com>
Date: Fri, 29 Aug 2025 16:08:01 +0100
Subject: [PATCH] All auto-merge on nft ip-blocklist sets

---
 cookbooks/networking/templates/default/nftables.conf.erb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/cookbooks/networking/templates/default/nftables.conf.erb b/cookbooks/networking/templates/default/nftables.conf.erb
index 1ef38da7f..9cc1b78d4 100644
--- a/cookbooks/networking/templates/default/nftables.conf.erb
+++ b/cookbooks/networking/templates/default/nftables.conf.erb
@@ -27,11 +27,13 @@ table inet chef-filter {
   set ip-blocklist {
     type ipv4_addr
     flags interval
+    auto-merge
   }
 
   set ip6-blocklist {
     type ipv6_addr
     flags interval
+    auto-merge
   }
 
   set ratelimit-icmp-echo-ip {
-- 
2.39.5