test persist reload integration

tests/mocks/persist-fixture.sh

@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+: "${PERSIST_RULES_V4:?PERSIST_RULES_V4 is required}"
+: "${PERSIST_RULES_V6:=}"
+: "${IPTABLES_SAVE_BIN:=iptables-save}"
+: "${IP6TABLES_SAVE_BIN:=ip6tables-save}"
+: "${IPTABLES_RESTORE_BIN:=iptables-restore}"
+: "${IP6TABLES_RESTORE_BIN:=ip6tables-restore}"
+: "${PERSIST_FIXTURE_LOG:=}"
+
+log_action() {
+  [[ -n ${PERSIST_FIXTURE_LOG} ]] || return 0
+  printf '%s %s\n' "$(basename -- "$0")" "$*" >>"${PERSIST_FIXTURE_LOG}"
+}
+
+save_family_rules() {
+  local save_bin=$1
+  local output_file=$2
+  [[ -n ${output_file} ]] || return 0
+  mkdir -p "$(dirname -- "${output_file}")"
+  if command -v "${save_bin}" >/dev/null 2>&1; then
+    "${save_bin}" >"${output_file}"
+  fi
+}
+
+reload_family_rules() {
+  local restore_bin=$1
+  local input_file=$2
+  [[ -n ${input_file} && -f ${input_file} ]] || return 0
+  if command -v "${restore_bin}" >/dev/null 2>&1; then
+    "${restore_bin}" <"${input_file}"
+  fi
+}
+
+case ${1-} in
+  save)
+    log_action "$@"
+    save_family_rules "${IPTABLES_SAVE_BIN}" "${PERSIST_RULES_V4}"
+    save_family_rules "${IP6TABLES_SAVE_BIN}" "${PERSIST_RULES_V6}"
+    ;;
+  reload)
+    log_action "$@"
+    reload_family_rules "${IPTABLES_RESTORE_BIN}" "${PERSIST_RULES_V4}"
+    reload_family_rules "${IP6TABLES_RESTORE_BIN}" "${PERSIST_RULES_V6}"
+    ;;
+  *)
+    printf 'usage: %s <save|reload>\n' "$(basename -- "$0")" >&2
+    exit 1
+    ;;
+esac