#!/bin/bash # test a kernel rollback operation # fail reason: invalid set GOOD_RULESET="table ip t { set t { type ipv4_addr elements = { 1.1.1.1 } } chain c { ct state new tcp dport { 22222 } ip saddr @t drop jump other } chain other { } }" BAD_RULESET="flush ruleset table ip t2 { set s2 { type invalid } }" $NFT -f - <<< $GOOD_RULESET if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi $NFT -f - <<< $BAD_RULESET 2>/dev/null if [ $? -eq 0 ] ; then echo "E: bogus ruleset loaded?" >&2 exit 1 fi