#!/bin/bash

# NFT_TEST_REQUIRES(NFT_TEST_HAVE_set_expr)

set -e

RULESET="table ip x {
	set est-connlimit {
		type ipv4_addr
		size 65535
		flags dynamic
		elements = { 84.245.120.167 ct count over 20 }
	}
}"

$NFT -f - <<< $RULESET

RULESET="table ip x {
	set new-connlimit {
		type ipv4_addr
		size 65535
		flags dynamic
		ct count over 20
		elements = { 84.245.120.167 }
	}
}"

$NFT -f - <<< $RULESET

$NFT flush set ip x est-connlimit
$NFT flush set ip x new-connlimit