#!/bin/bash ip link set lo up $NFT -f - </dev/null || exit 2 # should work, polict is accept. ping -q -c 1 127.0.0.1 >/dev/null || exit 1 $NFT -f - </dev/null || exit 2 # should fail, policy is set to drop ping -W 1 -q -c 1 127.0.0.1 >/dev/null 2>&1 && exit 1 exit 0