From 4791cfe93cdde2cb375033164c3bf51e8c65f4c4 Mon Sep 17 00:00:00 2001
From: Gregory Thiemonge
Date: Wed, 24 Nov 2021 16:55:25 +0100
Subject: [PATCH] Fix nft command line with negative priority values
When using nft with negative priority values it is recommended to use -- to prevent the parser to interpret the value as an argument.
Story 2009710
Task 44065
Change-Id: Ia6bc6eee3df30bfb3c0acccf902267fd2a4d37f6
---
 .../amphora-agent/static/usr/local/bin/lvs-masquerade.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/elements/amphora-agent/static/usr/local/bin/lvs-masquerade.sh b/elements/amphora-agent/static/usr/local/bin/lvs-masquerade.sh
index 99a0cf4564..5ce2a8ba77 100755
--- a/elements/amphora-agent/static/usr/local/bin/lvs-masquerade.sh
+++ b/elements/amphora-agent/static/usr/local/bin/lvs-masquerade.sh
@@ -38,9 +38,9 @@ if [ "$1" == "add" ]; then
 nft add rule ip octavia-ipv4 ip-udp-masq oifname "$3" meta l4proto udp masquerade
 nft add chain ip octavia-ipv4 ip-sctp-masq { type nat hook postrouting priority 100\;}
 nft add rule ip octavia-ipv4 ip-sctp-masq oifname "$3" meta l4proto sctp masquerade
- nft add chain ip octavia-ipv4 prerouting { type filter hook prerouting priority -300 \; }
+ nft -- add chain ip octavia-ipv4 prerouting { type filter hook prerouting priority -300 \; }
 nft add rule ip octavia-ipv4 prerouting iifname "$3" meta l4proto tcp notrack
- nft add chain ip octavia-ipv4 output { type filter hook output priority -300 \; }
+ nft -- add chain ip octavia-ipv4 output { type filter hook output priority -300 \; }
 nft add rule ip octavia-ipv4 output oifname "$3" meta l4proto tcp notrack
 elif [ "$2" == "ipv6" ]; then
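Review bot: The `add rule` lines that pass `"$3"` are still invoked without `--`, here and in the ipv6 hunk below, so an interface argument beginning with `-` would be taken as an nft option in the same way the negative priority was. For consistency I would end option parsing on every call, e.g. `nft -- add rule ip octavia-ipv4 prerouting iifname "$3" meta l4proto tcp notrack`. Shell quoting does not carry into nft, which parses the joined arguments as ruleset syntax, so `$3` is also worth checking against an interface-name pattern where the script reads its arguments. That code, and the start and end of the surrounding `if`/`elif` block, are outside this hunk.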
@@ -49,9 +49,9 @@ if [ "$1" == "add" ]; then
 nft add rule ip6 octavia-ipv6 ip6-udp-masq oifname "$3" meta l4proto udp masquerade
 nft add chain ip6 octavia-ipv6 ip6-sctp-masq { type nat hook postrouting priority 100\;}
 nft add rule ip6 octavia-ipv6 ip6-sctp-masq oifname "$3" meta l4proto sctp masquerade
- nft add chain ip6 octavia-ipv6 prerouting { type filter hook prerouting priority -300 \; }
+ nft -- add chain ip6 octavia-ipv6 prerouting { type filter hook prerouting priority -300 \; }
 nft add rule ip6 octavia-ipv6 prerouting iifname "$3" meta l4proto tcp notrack
- nft add chain ip6 octavia-ipv6 output { type filter hook output priority -300 \; }
+ nft -- add chain ip6 octavia-ipv6 output { type filter hook output priority -300 \; }
 nft add rule ip6 octavia-ipv6 output oifname "$3" meta l4proto tcp notrack
 else
 usage
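Review bot: Nothing visible in this hunk checks the exit status of the `nft -- add chain` commands, so if nft rejects one of them the `add rule ... notrack` line that follows fails as well and the script carries on with the prerouting or output chain missing. I would make the failure explicit, e.g. `nft -- add chain ip6 octavia-ipv6 prerouting { type filter hook prerouting priority -300 \; } || exit 1`, or rely on `set -e` if the script enables it. The top of the file is not shown here, so that needs confirming. The ipv4 hunk above follows the same pattern.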