1#!/bin/bash -x 2 3$XT_MULTI iptables -N foo || exit 1 4$XT_MULTI iptables -P FORWARD DROP || exit 1 5$XT_MULTI iptables -X || exit 1 6$XT_MULTI iptables -X foo && exit 1 7 8# indefinite -X fails if a non-empty user-defined chain exists 9$XT_MULTI iptables -N foo 10$XT_MULTI iptables -N bar 11$XT_MULTI iptables -A bar -j ACCEPT 12$XT_MULTI iptables -X && exit 1 13$XT_MULTI iptables -D bar -j ACCEPT 14$XT_MULTI iptables -X || exit 1 15 16# make sure OUTPUT chain is created by iptables-nft 17$XT_MULTI iptables -A OUTPUT -j ACCEPT || exit 1 18$XT_MULTI iptables -D OUTPUT -j ACCEPT || exit 1 19 20case $XT_MULTI in 21*xtables-nft-multi) 22 # must not delete chain FORWARD, its policy is not ACCEPT 23 $XT_MULTI iptables -X FORWARD && exit 1 24 nft list chain ip filter FORWARD || exit 1 25 # this should evict chain OUTPUT 26 $XT_MULTI iptables -X OUTPUT || exit 1 27 nft list chain ip filter OUTPUT && exit 1 28 ;; 29*) 30 $XT_MULTI iptables -X FORWARD && exit 1 31 $XT_MULTI iptables -X OUTPUT && exit 1 32 ;; 33esac 34exit 0 35