#!/bin/bash # test a kernel rollback operation # fail reason: invalid set tmpfile=$(mktemp) if [ ! -w $tmpfile ] ; then echo "Failed to create tmp file" >&2 exit 0 fi trap "rm -rf $tmpfile" EXIT # cleanup if aborted GOOD_RULESET="table ip t { set t { type ipv4_addr elements = { 1.1.1.1 } } chain c { ct state new tcp dport { 22222 } ip saddr @t drop jump other } chain other { } }" BAD_RULESET="flush ruleset table ip t2 { set s2 { type invalid } }" echo "$GOOD_RULESET" > $tmpfile $NFT -f $tmpfile if [ $? -ne 0 ] ; then echo "E: unable to load good ruleset" >&2 exit 1 fi echo "$BAD_RULESET" > $tmpfile $NFT -f $tmpfile 2>/dev/null if [ $? -eq 0 ] ; then echo "E: bogus ruleset loaded?" >&2 exit 1 fi