m4_if(nftables, FIREWALL_BACKEND, [
FWD_START_TEST([nftables helper objects])
AT_KEYWORDS(helper gh453)

CHECK_NFT_CT_HELPER

FWD_CHECK([-q --set-automatic-helpers=no])

FWD_CHECK([-q --add-service=ftp])
NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-ftp-tcp"], 0, [m4_strip([dnl
    ct helper helper-ftp-tcp {
    type "ftp" protocol tcp
    l3proto inet
    }
])])
NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
    table inet firewalld {
    chain filter_IN_public_allow {
    tcp dport 22 ct state new,untracked accept
    ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
    tcp dport 9090 ct state new,untracked accept
    tcp dport 21 ct helper set "helper-ftp-tcp"
    tcp dport 21 ct state new,untracked accept
    }
    }
])

FWD_CHECK([-q --add-service=sip])
NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-sip-tcp"], 0, [m4_strip([dnl
    ct helper helper-sip-tcp {
    type "sip" protocol tcp
    l3proto inet
    }
])])
NS_CHECK([nft list ruleset | TRIM_WHITESPACE |grep -A3 "ct helper helper-sip-udp"], 0, [m4_strip([dnl
    ct helper helper-sip-udp {
    type "sip" protocol udp
    l3proto inet
    }
])])
NFT_LIST_RULES([inet], [filter_IN_public_allow], 0, [dnl
    table inet firewalld {
    chain filter_IN_public_allow {
    tcp dport 22 ct state new,untracked accept
    ip6 daddr fe80::/64 udp dport 546 ct state new,untracked accept
    tcp dport 9090 ct state new,untracked accept
    tcp dport 21 ct helper set "helper-ftp-tcp"
    tcp dport 21 ct state new,untracked accept
    tcp dport 5060 ct helper set "helper-sip-tcp"
    udp dport 5060 ct helper set "helper-sip-udp"
    tcp dport 5060 ct state new,untracked accept
    udp dport 5060 ct state new,untracked accept
    }
    }
])

FWD_END_TEST
])