#!/bin/bash
# test a kernel rollback operation
# fail reason: invalid set
GOOD_RULESET="table ip t {
set t {
type ipv4_addr
elements = { 1.1.1.1 }
}
chain c {
ct state new
tcp dport { 22222, 33333 }
ip saddr @t drop
jump other
}
chain other {
}
}"
BAD_RULESET="flush ruleset
table ip t2 {
set s2 {
type invalid
}
}"
$NFT -f - <<< "$GOOD_RULESET"
if [ $? -ne 0 ] ; then
echo "E: unable to load good ruleset" >&2
exit 1
fi
$NFT -f - <<< "$BAD_RULESET" 2>/dev/null
if [ $? -eq 0 ] ; then
echo "E: bogus ruleset loaded?" >&2
exit 1
fi