#!/bin/bash

set -e

$NFT -f /dev/stdin <<"EOF"
table ip t {
	set s {
		type ipv4_addr . iface_index
		flags interval
		elements = { 127.0.0.1 . 1 }
	}

	set s2 {
		typeof ip saddr . meta iif
		elements = { 127.0.0.1 . 1 }
	}

	set s3 {
		type iface_index
		elements = { "lo" }
	}

	set s4 {
		type iface_index
		flags interval
		elements = { "lo" }
	}

	set nomatch {
		typeof ip saddr . meta iif
		elements = { 127.0.0.3 . 1 }
	}

	set nomatch2 {
		type ipv4_addr . iface_index
		elements = { 127.0.0.2 . 90000 }
	}

	chain c {
		type filter hook input priority filter;
		icmp type echo-request ip saddr . meta iif @s counter
		icmp type echo-request ip saddr . 1 @s counter
		icmp type echo-request ip saddr . "lo" @s counter
		icmp type echo-request ip saddr . meta iif @s2 counter
		icmp type echo-request ip saddr . 1 @s2 counter
		icmp type echo-request ip saddr . "lo" @s2 counter

		icmp type echo-request ip daddr . "lo" @s counter
		icmp type echo-request ip daddr . "lo" @s2 counter

		icmp type echo-request meta iif @s3 counter
		icmp type echo-request meta iif @s4 counter

		ip daddr . 1 @nomatch counter drop
		ip daddr . meta iif @nomatch2 counter drop
	}
}
EOF

$NFT add element t s { 127.0.0.2 . 1 }
$NFT add element t s2 { 127.0.0.2 . "lo" }

ip link set lo up
ping -q -c 1 127.0.0.2 > /dev/null