#!/bin/bash

RC=0

$XT_MULTI iptables -6 -A FORWARD -j ACCEPT
rc=$?
if [[ $rc -ne 2 ]]; then
	echo "'iptables -6' returned $rc instead of 2"
	RC=1
fi

$XT_MULTI ip6tables -4 -A FORWARD -j ACCEPT
rc=$?
if [[ $rc -ne 2 ]]; then
	echo "'ip6tables -4' returned $rc instead of 2"
	RC=1
fi

RULESET='*filter
-4 -A FORWARD -d 10.0.0.1 -j ACCEPT
-6 -A FORWARD -d fec0:10::1 -j ACCEPT
COMMIT
'
EXPECT4='-P FORWARD ACCEPT
-A FORWARD -d 10.0.0.1/32 -j ACCEPT'
EXPECT6='-P FORWARD ACCEPT
-A FORWARD -d fec0:10::1/128 -j ACCEPT'
EXPECT_EMPTY='-P FORWARD ACCEPT'

echo "$RULESET" | $XT_MULTI iptables-restore || {
	echo "iptables-restore failed!"
	RC=1
}
diff -u -Z <(echo -e "$EXPECT4") <($XT_MULTI iptables -S FORWARD) || {
	echo "unexpected iptables ruleset"
	RC=1
}
diff -u -Z <(echo -e "$EXPECT_EMPTY") <($XT_MULTI ip6tables -S FORWARD) || {
	echo "unexpected non-empty ip6tables ruleset"
	RC=1
}

$XT_MULTI iptables -F FORWARD

echo "$RULESET" | $XT_MULTI ip6tables-restore || {
	echo "ip6tables-restore failed!"
	RC=1
}
diff -u -Z <(echo -e "$EXPECT6") <($XT_MULTI ip6tables -S FORWARD) || {
	echo "unexpected ip6tables ruleset"
	RC=1
}
diff -u -Z <(echo -e "$EXPECT_EMPTY") <($XT_MULTI iptables -S FORWARD) || {
	echo "unexpected non-empty iptables ruleset"
	RC=1
}

$XT_MULTI ip6tables -F FORWARD

$XT_MULTI iptables -4 -A FORWARD -d 10.0.0.1 -j ACCEPT || {
	echo "iptables failed!"
	RC=1
}
diff -u -Z <(echo -e "$EXPECT4") <($XT_MULTI iptables -S FORWARD) || {
	echo "unexpected iptables ruleset"
	RC=1
}
diff -u -Z <(echo -e "$EXPECT_EMPTY") <($XT_MULTI ip6tables -S FORWARD) || {
	echo "unexpected non-empty ip6tables ruleset"
	RC=1
}

$XT_MULTI iptables -F FORWARD

$XT_MULTI ip6tables -6 -A FORWARD -d fec0:10::1 -j ACCEPT || {
	echo "ip6tables failed!"
	RC=1
}
diff -u -Z <(echo -e "$EXPECT6") <($XT_MULTI ip6tables -S FORWARD) || {
	echo "unexpected ip6tables ruleset"
	RC=1
}
diff -u -Z <(echo -e "$EXPECT_EMPTY") <($XT_MULTI iptables -S FORWARD) || {
	echo "unexpected non-empty iptables ruleset"
	RC=1
}

exit $RC