#!/bin/bash

set -e

#set -x

# ensure verbose output is identical between legacy and nft tools

RULE1='-i eth2 -o eth3 -s 10.0.0.1 -d 10.0.0.2 -j ACCEPT'

VOUT1='ACCEPT  all opt -- in eth2 out eth3  10.0.0.1  -> 10.0.0.2'

RULE2='-i eth2 -o eth3 -s 10.0.0.4 -d 10.0.0.5 -j ACCEPT'

VOUT2='ACCEPT  all opt -- in eth2 out eth3  10.0.0.4  -> 10.0.0.5'

diff -u -Z <(echo -e "$VOUT1") <($XT_MULTI iptables -v -A FORWARD $RULE1)

diff -u -Z <(echo -e "$VOUT2") <($XT_MULTI iptables -v -I FORWARD 2 $RULE2)

diff -u -Z <(echo -e "$VOUT1") <($XT_MULTI iptables -v -C FORWARD $RULE1)

diff -u -Z <(echo -e "$VOUT2") <($XT_MULTI iptables -v -C FORWARD $RULE2)

EXPECT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination

    0     0 ACCEPT     all  --  eth2   eth3    10.0.0.1             10.0.0.2

    0     0 ACCEPT     all  --  eth2   eth3    10.0.0.4             10.0.0.5

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination'

diff -u -Z <(echo -e "$EXPECT") <($XT_MULTI iptables -v -n -L)

diff -u -Z <(echo -e "$VOUT1") <($XT_MULTI iptables -v -D FORWARD $RULE1)

diff -u -Z <(echo -e "$VOUT2") <($XT_MULTI iptables -v -D FORWARD $RULE2)

EXPECT="Flushing chain \`INPUT'

Flushing chain \`FORWARD'

Flushing chain \`OUTPUT'"

diff -u <(echo -e "$EXPECT") <($XT_MULTI iptables -v -F)

EXPECT="Zeroing chain \`INPUT'

Zeroing chain \`FORWARD'

Zeroing chain \`OUTPUT'"

diff -u <(echo -e "$EXPECT") <($XT_MULTI iptables -v -Z)

diff -u <(echo "Flushing chain \`OUTPUT'") <($XT_MULTI iptables -v -F OUTPUT)

diff -u <(echo "Zeroing chain \`OUTPUT'") <($XT_MULTI iptables -v -Z OUTPUT)

$XT_MULTI iptables -N foo

diff -u <(echo "Deleting chain \`foo'") <($XT_MULTI iptables -v -X foo)