#!/bin/bash

set -e

RULESET="table ip filter {

	map client_to_any {

		type ipv4_addr : verdict

		elements = { 1.2.3.4 : goto CIn_1 }

	}

	chain FORWARD {

		type filter hook forward priority filter; policy accept;

		goto client_to_any

	}

	chain client_to_any {

		ip saddr vmap @client_to_any

	}

	chain CIn_1 {

	}

}"

$NFT -f - <<< "$RULESET"

if [ $? -ne 0 ] ; then

        echo "E: unable to load good ruleset" >&2

        exit 1

fi

GET="$($NFT list ruleset)"

if [ "$RULESET" != "$GET" ] ; then

	DIFF="$(which diff)"

	[ -x $DIFF ] && $DIFF -u <(echo "$RULESET") <(echo "$GET")

	exit 1

fi

RULESET="delete element ip filter client_to_any { 1.2.3.4 : goto CIn_1 }

delete chain ip filter CIn_1"

$NFT -f - <<< "$RULESET"

if [ $? -ne 0 ] ; then

        echo "E: unable to load good ruleset" >&2

        exit 1

fi