#!/bin/bash
set -e
EXPECTED="table ip filter {
map m {
type ipv4_addr : mark
flags interval
elements = { 127.0.0.2 : 0x00000002, 127.0.0.3 : 0x00000003 }
}
chain input {
type filter hook input priority filter; policy accept;
meta mark set ip daddr map @m
meta mark 0x00000002 counter accept
meta mark 0x00000003 counter accept
counter
}
}"
$NFT -f - <<< "$EXPECTED"
$NFT delete element filter m { 127.0.0.2 }
$NFT delete element filter m { 127.0.0.3 }
$NFT add element filter m { 127.0.0.3 : 0x3 }
$NFT add element filter m { 127.0.0.2 : 0x2 }
GET=$($NFT list ruleset -s)
if [ "$EXPECTED" != "$GET" ] ; then
DIFF="$(which diff)"
[ -x $DIFF ] && $DIFF -u <(echo "$EXPECTED") <(echo "$GET")
exit 1
fi