#!/bin/bash

set -e

$NFT add table t
$NFT add chain t input {type filter hook input priority 4 \; }
$NFT add chain t c1
$NFT add rule t input jump c1

# kernel should return EOPNOTSUPP
$NFT add rule t c1 masquerade 2>/dev/null >&2 || exit 0

echo "E: Accepted masquerade rule in non-nat type base chain" 1>&2
exit 1