#!/bin/sh

ret_val=0

# Check if all the kernel modules are available
FIREWALLD_KERNEL_MODULES="    xt_tcpudp     xt_TCPMSS     xt_set     xt_sctp     xt_REDIRECT     xt_pkttype     xt_NFLOG     xt_nat     xt_MASQUERADE     xt_mark     xt_mac     xt_LOG     xt_limit     xt_dccp     xt_CT     xt_conntrack     xt_CHECKSUM     nft_redir     nft_objref     nft_nat     nft_masq     nft_log     nfnetlink_log     nf_nat_tftp     nf_nat_sip     nf_nat_ftp     nf_log_syslog     nf_conntrack_tftp     nf_conntrack_sip     nf_conntrack_netbios_ns     nf_conntrack_ftp     nf_conntrack_broadcast     ipt_REJECT     ip6t_rpfilter     ip6t_REJECT     ip_set_hash_netport     ip_set_hash_netnet     ip_set_hash_netiface     ip_set_hash_net     ip_set_hash_mac     ip_set_hash_ipportnet     ip_set_hash_ipport     ip_set_hash_ipmark     ip_set_hash_ip     ebt_ip6     nft_fib_inet     nft_fib_ipv4     nft_fib_ipv6     nft_fib     nft_reject_inet     nf_reject_ipv4     nf_reject_ipv6     nft_reject     nft_ct     nft_chain_nat     ebtable_nat     ebtable_broute     ip6table_nat     ip6table_mangle     ip6table_raw     ip6table_security     iptable_nat     nf_nat     nf_conntrack     nf_defrag_ipv6     nf_defrag_ipv4     iptable_mangle     iptable_raw     iptable_security     ip_set     ebtable_filter     ebtables     ip6table_filter     ip6_tables     iptable_filter     ip_tables     x_tables     sch_fq_codel "
for m in $FIREWALLD_KERNEL_MODULES; do
    if modprobe $m; then
        echo "PASS: loading $m"
    else
        echo "FAIL: loading $m"
        ret_val=1
    fi
done

# Run the test suite from firewalld
# Failing testsuites: 203 226 241 250 270 280 281 282 285 286
# Problem icmpv6 compared against ipv6-icmptype?
/usr/share/firewalld/testsuite/testsuite -C /tmp -A || ret_val=1

exit $ret_val
