#!/bin/bash set -e dumpfile=$(dirname $0)/dumps/$(basename $0).nft $NFT -f $dumpfile port=23 for i in $(seq 1 100) ; do timeout=$((RANDOM%5)) timeout=$((timeout+1)) j=1 batched="{ $port timeout 3s : jump other_input " batched_addr="{ 10.0.$((i%256)).$j . $port timeout ${timeout}s : jump other_input " port=$((port + 1)) for j in $(seq 2 400); do timeout=$((RANDOM%5)) timeout=$((timeout+1)) batched="$batched, $port timeout ${timeout}s : jump other_input " batched_addr="$batched_addr, 10.0.$((i%256)).$((j%256)) . $port timeout ${timeout}s : jump other_input " port=$((port + 1)) done fail_addr="$batched_addr, 1.2.3.4 . 23 timeout 5m : jump other_input, 1.2.3.4 . 23 timeout 3m : jump other_input }" fail="$batched, 23 timeout 1m : jump other_input, 23 : jump other_input }" batched="$batched }" batched_addr="$batched_addr }" if [ $i -gt 90 ]; then # must fail, we create and $fail/$fail_addr contain one element twice. $NFT create element inet filter portmap "$fail" && exit 111 $NFT create element inet filter portaddrmap "$fail_addr" && exit 112 fi $NFT add element inet filter portmap "$batched" $NFT add element inet filter portaddrmap "$batched_addr" done $NFT add element inet filter portaddrmap { "* timeout 2s : drop" } $NFT add element inet filter portmap { "* timeout 3s : drop" } # wait for elements to time out sleep 5