I have the following in `nftables.conf`:
```
table inet nat {
    set blocked {
        type ipv4_addr
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        ip daddr @blocked counter drop;
        oifname "ppp0" masquerade;
        iifname "br-3e4d90a574de" masquerade;
    }
}
```
The set `blocked` is a [named set](https://wiki.nftables.org/wiki-nftables/index.php/Sets#Named_sets) which can be updated dynamically. It is in this set I wish to have a collection of IPs to block, updated every *n* minutes. In order to preserve the [atomicity](https://wiki.nftables.org/wiki-nftables/index.php/Atomic_rule_replacement), I am **not** using the following (`updateblock.sh`) to update the list:
```bash
#!/bin/bash
sudo nft flush set inet nat blocked
sudo nft add element inet nat blocked {$nodes}
```
But rather `blockediplist.ruleset`:
```
#!/usr/sbin/nft -f
flush set inet nat blocked
add element inet nat blocked { }
```
I use the following order of commands:

```
nft -f /etc/nftables.conf
nft -f blockediplist.ruleset
```
However, the changes in `blockediplist.ruleset` are not applied immediately. I know the ruleset now contains the new IPs because they are present in `nft list ruleset` and `nft list set inet nat blocked`. Even with just `nft add element inet nat blocked { }` the IP is not blocked instantly.
An alternative method would be to define a new set and reload `nftables.conf` in its entirety, though I think this would be a poor and inefficient way of doing things.
Is there a way to force the changes in `blockediplist.ruleset` to be applied immediately?
**UPDATE:** I've just discovered that when I block an IP which I haven't pinged, it gets blocked instantly. However, when adding an IP to the blocklist mid-ping it takes a while for it to be blocked. When I try a set with `netdev ingress` the IP gets blocked instantly. Maybe this avenue of investigation might reveal something.
Asked by Synthetic Ascension
(249 rep)
Sep 16, 2022, 01:29 PM
Last activity: Sep 17, 2022, 03:42 AM
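One way to keep the set replacement atomic while validating the input, as an added example that is not the questioner's own script: a POSIX shell function that builds the whole `nft -f` transaction (flush and add in one run) from a plain text list. It also records the caveat behind the UPDATE: a `type nat` chain is only consulted for the first packet of a connection, so a drop rule there cannot stop a flow conntrack already tracks, whereas `netdev ingress` and `type filter` chains see every packet. Assumed: the list lives at `/etc/blocklist.txt`, one address per line; `valid_ipv4` and `build_blocklist_ruleset` are names chosen here.

```shell
# Added example, not the questioner's own script: rebuild the named set
# from a text file in one nft transaction (flush + add in a single
# "nft -f" run), so readers of the set never see a half-updated list.
# Caveat for the question's layout: "type nat hook postrouting" chains
# are only consulted for the first packet of a connection, so a drop
# rule there does not stop a flow that conntrack is already tracking.
# Put the "ip daddr @blocked drop" rule in a "type filter" chain
# (forward/output hook) if every packet must be checked.

# Return 0 when $1 is a dotted-quad IPv4 address (each octet 0-255,
# no leading zeros), otherwise 1.
valid_ipv4() {
    case $1 in
        ''|.*|*.|*..*|*[!0-9.]*) return 1 ;;
    esac
    _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in 0?*) return 1 ;; esac
        [ "$_o" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Print the nft script that replaces the contents of set "blocked".
# $1 is the list file (assumed /etc/blocklist.txt): one address per
# line; blank lines and "#" comments are ignored; invalid entries are
# reported on stderr and skipped rather than aborting the update.
build_blocklist_ruleset() {
    _elems=
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=${_line%%#*}
        _line=$(printf '%s' "$_line" | tr -d ' \t')
        [ -n "$_line" ] || continue
        if valid_ipv4 "$_line"; then
            _elems="${_elems:+$_elems, }$_line"
        else
            printf 'skipping invalid entry: %s\n' "$_line" >&2
        fi
    done < "$1"
    printf '#!/usr/sbin/nft -f\n'
    printf 'flush set inet nat blocked\n'
    if [ -n "$_elems" ]; then
        printf 'add element inet nat blocked { %s }\n' "$_elems"
    fi
}

# Apply atomically: nft parses the whole script before committing it.
# build_blocklist_ruleset /etc/blocklist.txt | nft -f -
```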