set -e
$NFT add table test-ip
-$NFT add chain test-ip x # should have handle 1
-$NFT add chain test-ip y # should have handle 2
-$NFT add chain test-ip z # should have handle 3
+$NFT add chain test-ip x
+$NFT add chain test-ip y
+$NFT add chain test-ip z
$NFT add table ip6 test-ip6
-$NFT add chain ip6 test-ip6 x # should have handle 1
-$NFT add chain ip6 test-ip6 y # should have handle 2
-$NFT add chain ip6 test-ip6 z # should have handle 3
-$NFT delete chain test-ip handle 2
-$NFT delete chain ip6 test-ip6 handle 3
+$NFT add chain ip6 test-ip6 x
+$NFT add chain ip6 test-ip6 y
+$NFT add chain ip6 test-ip6 z
+
+chain_y_handle=$($NFT list ruleset -a | awk -v n=1 '/chain y/ && !--n {print $NF; exit}');
+chain_z_handle=$($NFT list ruleset -a | awk -v n=2 '/chain z/ && !--n {print $NF; exit}');
+
+$NFT delete chain test-ip handle $chain_y_handle
+$NFT delete chain ip6 test-ip6 handle $chain_z_handle
set -e
$NFT add table test-ip
-$NFT add counter test-ip https-traffic # should have handle 1
-$NFT add quota test-ip https-quota 25 mbytes # should have handle 2
-$NFT add map test-ip ports { type inet_service : quota \; } # should have handle 3
+$NFT add counter test-ip https-traffic
+$NFT add quota test-ip https-quota 25 mbytes
+$NFT add map test-ip ports { type inet_service : quota \; }
$NFT add table ip6 test-ip6
-$NFT add quota ip6 test-ip6 http-quota over 25 mbytes # should have handle 1
-$NFT add counter ip6 test-ip6 http-traffic # should have handle 2
-$NFT add quota ip6 test-ip6 ssh-quota 10 mbytes # should have handle 3
-$NFT delete counter test-ip handle 1
-$NFT delete quota ip6 test-ip6 handle 3
+$NFT add quota ip6 test-ip6 http-quota over 25 mbytes
+$NFT add counter ip6 test-ip6 http-traffic
+$NFT add quota ip6 test-ip6 ssh-quota 10 mbytes
+
+counter_handle=$($NFT list ruleset -a | awk '/https-traffic/{print $NF}')
+quota_handle=$($NFT list ruleset -a | awk '/ssh-quota/{print $NF}')
+$NFT delete counter test-ip handle $counter_handle
+$NFT delete quota ip6 test-ip6 handle $quota_handle
EXPECTED="table ip test-ip {
quota https-quota {
- 25 mbytes used 2 bytes
- } # handle 2
+ 25 mbytes
+ }
map ports {
type inet_service : quota
- } # handle 3
-} # handle 1
+ }
+}
table ip6 test-ip6 {
quota http-quota {
- over 25 mbytes used 1 bytes
- } # handle 1
+ over 25 mbytes
+ }
counter http-traffic {
- packets 0 bytes 2
- } # handle 2
-} # handle 2"
+ packets 0 bytes 0
+ }
+}"
-GET="$($NFT list ruleset -a)"
+GET="$($NFT list ruleset)"
if [ "$EXPECTED" != "$GET" ] ; then
DIFF="$(which diff)"
set -e
$NFT add table test-ip
-$NFT add set test-ip x { type ipv4_addr\; } # should have handle 1
-$NFT add set test-ip y { type inet_service \; timeout 3h45s \;} # should have handle 2
-$NFT add set test-ip z { type ipv4_addr\; flags constant , interval\;} # should have handle 3
-$NFT add set test-ip c {type ipv4_addr \; flags timeout \; elements={192.168.1.1 timeout 10s, 192.168.1.2 timeout 30s} \;} #should have handle 4
-$NFT delete set test-ip handle 4
+$NFT add set test-ip x { type ipv4_addr\; }
+$NFT add set test-ip y { type inet_service \; timeout 3h45s \;}
+$NFT add set test-ip z { type ipv4_addr\; flags constant , interval\;}
+$NFT add set test-ip c {type ipv4_addr \; flags timeout \; elements={192.168.1.1 timeout 10s, 192.168.1.2 timeout 30s} \;}
+
+set_handle=$($NFT list ruleset -a | awk '/set\ c/{print $NF}')
+$NFT delete set test-ip handle $set_handle
EXPECTED="table ip test-ip {
set x {
projects / thirdparty / nftables.git / commitdiff
