#!/bin/bash

[[ $XT_MULTI == *xtables-nft-multi ]] || { echo "skip $XT_MULTI"; exit 0; }

# make sure none of the commands invoking nft_xt_builtin_init() override
# non-default chain policies via needless chain add.

RC=0

do_test() {
	$XT_MULTI $@
	$XT_MULTI iptables -S | grep -q -- '-P FORWARD DROP' && return

	echo "command '$@' kills chain policies"
	$XT_MULTI iptables -P FORWARD DROP
	RC=1
}

$XT_MULTI iptables -P FORWARD DROP

do_test iptables -A OUTPUT -j ACCEPT
do_test iptables -F
do_test iptables -N foo
do_test iptables -E foo foo2
do_test iptables -I OUTPUT -j ACCEPT
do_test iptables -nL
do_test iptables -S

exit $RC
