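#!/bin/bash
# For every family/hook combination nftables supports, create a table "x" and
# one chain per (priority name, offset) pair, where the offset is one of
# -11, -10, 0, +10, +11. Each chain's priority is written as the symbolic
# priority name followed by the offset. The chain name is built from the hook,
# the priority name and the offset, with "-" mapped to "m" and "+" to "p".
#
# Required env: NFT - the nft command to drive (may include wrapper/options,
# so it is deliberately left unquoted where it is invoked).

set -eu

: "${NFT:?NFT must be set to the nft command under test}"

# Offsets applied on top of each symbolic priority.
readonly OFFSETS=(-11 -10 0 10 11)

#######################################
# Render a numeric offset the way it appears in a priority expression.
# Arguments: $1 - integer offset
# Outputs:   "" for 0, "+N" for positive N, "-N" for negative N (newline-terminated)
#######################################
format_offset() {
  local i=$1
  if (( i == 0 )); then
    printf '\n'
  elif (( i > 0 )); then
    printf '+%s\n' "$i"
  else
    printf '%s\n' "$i"
  fi
}

#######################################
# Build a chain name from hook, priority name and rendered offset.
# Arguments: $1 - hook, $2 - priority name, $3 - offset as printed by format_offset
# Outputs:   the concatenation with every "-" replaced by "m" and "+" by "p"
#######################################
chainname() {
  local name="$1$2$3"
  name=${name//-/m}
  name=${name//+/p}
  printf '%s\n' "$name"
}

#######################################
# Add one chain per offset for the given family/hook/priority name.
# Globals:   NFT (read), OFFSETS (read)
# Arguments: $1 - family, $2 - hook, $3 - priority name,
#            $4 - optional device (netdev hooks must be bound to a device)
#######################################
gen_chains() {
  local family=$1 hook=$2 prioname=$3 device=${4-}
  local i offset name spec
  for i in "${OFFSETS[@]}"; do
    # Keep assignment separate from declaration so a failing helper is not masked.
    offset=$(format_offset "$i")
    name=$(chainname "$hook" "$prioname" "$offset")
    if [[ -n "$device" ]]; then
      spec="{ type filter hook $hook device $device priority $prioname $offset; }"
    else
      spec="{ type filter hook $hook priority $prioname $offset; }"
    fi
    # shellcheck disable=SC2086 -- $NFT may carry a wrapper and options
    $NFT add chain "$family" x "$name" "$spec"
  done
}

for family in ip ip6 inet; do
  # shellcheck disable=SC2086
  $NFT add table "$family" x
  for hook in prerouting input forward output postrouting; do
    for prioname in raw mangle filter security; do
      gen_chains "$family" "$hook" "$prioname"
    done
  done
  gen_chains "$family" prerouting dstnat
  gen_chains "$family" postrouting srcnat
done

family=arp
# shellcheck disable=SC2086
$NFT add table "$family" x
for hook in input output; do
  gen_chains "$family" "$hook" filter
done

# netdev ingress chains need a device; the loopback interface is used here.
family=netdev
# shellcheck disable=SC2086
$NFT add table "$family" x
gen_chains "$family" ingress filter lo

family=bridge
# shellcheck disable=SC2086
$NFT add table "$family" x
for hook in prerouting input forward output postrouting; do
  gen_chains "$family" "$hook" filter
done
gen_chains "$family" prerouting dstnat
gen_chains "$family" output out
gen_chains "$family" postrouting srcnat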