// Every returned chain should match 1 expected chain (or <2 if testing against the system)
	for _, chain := range chains {
		nMatched := 0
		for _, expectedChain := range test.expectedChains {
			if doesMatch(expectedChain, chain) {
				nMatched++
			}
		}
		// Allow additional unknown chains if systemLax is set
		if nMatched == 0 && test.systemLax == false || nMatched > 1 {

		add chain ip kube-proxy firewall-check
		add chain ip kube-proxy mark-for-masquerade
		add chain ip kube-proxy masquerading
		add chain ip kube-proxy nat-output { type nat hook output priority -100 ; }
		add chain ip kube-proxy nat-postrouting { type nat hook postrouting priority 100 ; }

	"central_african_republic":             "\U0001f1e8\U0001f1eb",
	"ceuta_melilla":                        "\U0001f1ea\U0001f1e6",
	"chad":                                 "\U0001f1f9\U0001f1e9",
	"chains":                               "\u26d3\ufe0f",
	"chair":                                "\U0001fa91",
	"champagne":                            "\U0001f37e",
	"chart":                                "\U0001f4b9",

	CertInfo     *CertInfo
	Store        Handle
}

type CertChainContext struct {
	Size                       uint32
	TrustStatus                CertTrustStatus
	ChainCount                 uint32
	Chains                     **CertSimpleChain
	LowerQualityChainCount     uint32
	LowerQualityChains         **CertChainContext
	HasRevocationFreshnessTime uint32
	RevocationFreshnessTime    uint32
}

        // A) FileSizer from artifactType=jar to artifactType=intermediate
        // B) FileSizer from artifactType=intermediate to artifactType=final

        // We could potentially construct the following transform chains:
        // 1) primary -> A -> B -> requested
        //  - artifactType=final
        //  - extraAttribute=preferred
        // 2) secondary -> B -> requested
        //  - artifactType=final

			ps.writeByte('[')
		}
		ps.print(b.Left)
		if op.Name == "]=" {
			ps.writeByte(']')
		}
		if isDesignatedInitializer(b.Right) {
			// Don't add anything between designated
			// initializer chains.
			ps.print(b.Right)
		} else {
			if ps.llvmStyle {
				ps.writeString(" = ")
				ps.print(b.Right)
			} else {
				ps.writeByte('=')
				parenthesize(ps, b.Right)
			}
		}

    client =
      client.newBuilder()
        .addInterceptor(
          Interceptor { chain: Interceptor.Chain ->
            try {
              chain.proceed(chain.request())
              throw AssertionError()
            } catch (expected: IOException) {
              chain.proceed(chain.request())
            }
          },
        )
        .build()

little of the right-hand bit to try the effect:  the next moment
she felt a violent blow underneath her chin:  it had struck her
foot!

  She was a good deal frightened by this very sudden change, but
she felt that there was no time to be lost, as she was shrinking
rapidly; so she set to work at once to eat some of the other bit.
Her chin was pressed so closely against her foot, that there was

little of the right-hand bit to try the effect:  the next moment
she felt a violent blow underneath her chin:  it had struck her
foot!

  She was a good deal frightened by this very sudden change, but
she felt that there was no time to be lost, as she was shrinking
rapidly; so she set to work at once to eat some of the other bit.
Her chin was pressed so closely against her foot, that there was

		if !strings.HasPrefix(l, "-A ") {
			continue
		}
		rule, _ := iptablestest.ParseRule(l, false)
		if rule != nil && rule.Chain == chain {
			rules = append(rules, rule)
		}
	}
	return rules
}

// checkIptables to check expected iptables chain and rules. The got rules must have same number and order as the
// expected rules.