#!/bin/bash

RULESET="table inet filter {
	set example {
		type ipv4_addr
		flags interval
		elements = { 10.10.10.10, 10.10.11.11 }
	}

	chain input {
		type filter hook prerouting priority filter; policy accept;
		ip saddr != { 10.10.10.100, 10.10.10.111 } ip saddr @example drop
	}
}"

set -e

$NFT -f - <<< "$RULESET"

GET="$($NFT list ruleset)"
if [ "$RULESET" != "$GET" ] ; then
	$DIFF -u <(echo "$RULESET") <(echo "$GET")
	exit 1
fi

EXPECTED="table inet filter {
	set example {
		type ipv4_addr
		flags interval
	}

	chain input {
		type filter hook prerouting priority filter; policy accept;
		ip saddr != { 10.10.10.100, 10.10.10.111 } ip saddr @example drop
	}
}"

GET="$($NFT -t list ruleset)"
if [ "$EXPECTED" != "$GET" ] ; then
	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
	exit 1
fi

EXPECTED="table inet filter {
	set example {
		type ipv4_addr
		flags interval
		elements = { 10.10.10.10, 10.10.11.11 }
	}
}"

GET="$($NFT list set inet filter example)"
if [ "$EXPECTED" != "$GET" ] ; then
	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
	exit 1
fi

EXPECTED="table inet filter {
	set example {
		type ipv4_addr
		flags interval
	}
}"

GET="$($NFT -t list set inet filter example)"
if [ "$EXPECTED" != "$GET" ] ; then
	$DIFF -u <(echo "$EXPECTED") <(echo "$GET")
	exit 1
fi
