nftables: Filter on interface and ip block?

Question

This does not work (via systemd restart nftables, which should load /etc/nftables.conf):

cat /etc/nftables.d/forward/example.conf

meta oifname "eth2" ip daddr 5.6.7.8/30 accept
^^^^^^^^^^^^^^^^^^^ ~~~~
Error: Statement after terminal statement has no effect

But this also does not work:

ip daddr 5.6.7.8/30 meta oifname "eth2" accept
^^^^^^^^^^^^^^^^^^^ ~~~~
Error: Statement after terminal statement has no effect

Neither does this (using a concatenation example)

ip daddr . meta oifname {5.6.7.8/30 . "eth2"} accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Error: Statement after terminal statement has no effect

Note: Contents of /etc/nftables.conf:

#!/usr/sbin/nft -f

flush ruleset

table inet filter {
        chain input {
                type filter hook input priority filter;
        }
        chain forward {
                type filter hook forward priority filter;
                include "/etc/nftables.d/forward/*.conf"
        }
        chain output {
                type filter hook output priority filter;
        }
}

How do I do both, which would be necessary if this ip range isn't always routed to eth2 (policy routes, for example), and eth2 doesn't just contain this ip range?

Answer 1

I found the problem (finally). DOS line endings. I had not fixed all the files and tried different notations found in guides (which were wrong).

/r/n is invisible, but /r is of course a symbol 'before' the line ending. nftables doesn't like /r and tries to read it as a syntax symbol, then complains that there's 'something extra' after the end of the rule.