#!/bin/bash

set -e

RULESET="table ip filter {
	map client_to_any {
		type ipv4_addr : verdict
		elements = { 1.2.3.4 : goto CIn_1 }
	}

	chain FORWARD {
		type filter hook forward priority filter; policy accept;
		goto client_to_any
	}

	chain client_to_any {
		ip saddr vmap @client_to_any
	}

	chain CIn_1 {
	}
}"
$NFT -f - <<< "$RULESET"
if [ $? -ne 0 ] ; then
        echo "E: unable to load good ruleset" >&2
        exit 1
fi

GET="$($NFT list ruleset)"

if [ "$RULESET" != "$GET" ] ; then
	$DIFF -u <(echo "$RULESET") <(echo "$GET")
	exit 1
fi

RULESET="delete element ip filter client_to_any { 1.2.3.4 : goto CIn_1 }
delete chain ip filter CIn_1"
$NFT -f - <<< "$RULESET"
if [ $? -ne 0 ] ; then
        echo "E: unable to load good ruleset" >&2
        exit 1
fi