/usr/local/sbin/post-firewall

post-firewall

#!/bin/sh
# /usr/local/sbin/post-firewall
# $1 = vlan1
# $2 = 192.168.1.1

iptables -t nat -I PREROUTING 1 -p tcp -d "$2" --dport 80 -j DNAT --to "$2":8082
iptables -t nat -D PREROUTING -i "$1" -p tcp --dport 80 -j DROP
iptables -t nat -I PREROUTING 2 -i "$1" -p tcp --dport 8082 -j DROP
iptables -I INPUT 1 -i "$1" -d "$2" -p tcp --syn --dport 8082 -j ACCEPT