hansode/gist:755936

## gistfile1.sh
#!/bin/bash
#
#
#
nic=${1:-'eth0'}
#vif-jly0dfqe

bounds="s d"
cmds="F X Z"

protocols="udp tcp"
tables="filter nat"


#
# flush
#
for table in ${tables}; do
  for cmd in ${cmds}; do
    sudo iptables -t ${table} -${cmd}
  done
done

#
# main
#
for table in ${tables}; do
  for bound in ${bounds}; do
    case ${table} in
    filter)
      chain=${bound}_${nic}
      ;;
    nat)
      chain=${bound}nat_${nic}
      ;;
    esac
    sudo iptables -t ${table} -N ${chain}

    for protocol in ${protocols}; do
      sudo iptables -t ${table} -N ${chain}_${protocol}
    done
  done
done


for protocol in ${protocols}; do
  sudo iptables -t nat    -A PREROUTING                                                       -j dnat_${nic}_${protocol}
  sudo iptables -t filter -A FORWARD     -m physdev --physdev-is-bridged --physdev-out ${nic} -j    d_${nic}_${protocol}
  sudo iptables -t filter -A FORWARD     -m physdev --physdev-is-bridged --physdev-in  ${nic} -j    s_${nic}_${protocol}
  sudo iptables -t nat    -A POSTROUTING -m physdev --physdev-is-bridged                      -j snat_${nic}_${protocol}

  sudo iptables -t nat    -A dnat_${nic}_${protocol} -p ${protocol} -j LOG --log-level 4 --log-prefix "dnat_${nic}_${protocol}: "
  sudo iptables -t filter -A d_${nic}_${protocol}    -p ${protocol} -j LOG --log-level 4 --log-prefix    "d_${nic}_${protocol}: "
  sudo iptables -t filter -A s_${nic}_${protocol}    -p ${protocol} -j LOG --log-level 4 --log-prefix    "s_${nic}_${protocol}: "
  sudo iptables -t nat    -A snat_${nic}_${protocol} -p ${protocol} -j LOG --log-level 4 --log-prefix "snat_${nic}_${protocol}: "
done


for table in ${tables}; do
  for bound in ${bounds}; do
    case ${table} in
    filter)
      chain=${bound}_${nic}
      ;;
    nat)
      chain=${bound}nat_${nic}
      ;;
    esac

    for protocol in ${protocols}; do
      sudo iptables -t ${table} -A ${chain} -p tcp -j LOG --log-level 4 --log-prefix "${chain}: "
    done
  done
done


for table in ${tables}; do
  sudo iptables -t ${table} -nL
done
	#!/bin/bash
	#
	#
	#
	nic=${1:-'eth0'}
	#vif-jly0dfqe

	bounds="s d"
	cmds="F X Z"

	protocols="udp tcp"
	tables="filter nat"


	#
	# flush
	#
	for table in ${tables}; do
	for cmd in ${cmds}; do
	sudo iptables -t ${table} -${cmd}
	done
	done

	#
	# main
	#
	for table in ${tables}; do
	for bound in ${bounds}; do
	case ${table} in
	filter)
	chain=${bound}_${nic}
	;;
	nat)
	chain=${bound}nat_${nic}
	;;
	esac
	sudo iptables -t ${table} -N ${chain}

	for protocol in ${protocols}; do
	sudo iptables -t ${table} -N ${chain}_${protocol}
	done
	done
	done


	for protocol in ${protocols}; do
	sudo iptables -t nat -A PREROUTING -j dnat_${nic}_${protocol}
	sudo iptables -t filter -A FORWARD -m physdev --physdev-is-bridged --physdev-out ${nic} -j d_${nic}_${protocol}
	sudo iptables -t filter -A FORWARD -m physdev --physdev-is-bridged --physdev-in ${nic} -j s_${nic}_${protocol}
	sudo iptables -t nat -A POSTROUTING -m physdev --physdev-is-bridged -j snat_${nic}_${protocol}

	sudo iptables -t nat -A dnat_${nic}_${protocol} -p ${protocol} -j LOG --log-level 4 --log-prefix "dnat_${nic}_${protocol}: "
	sudo iptables -t filter -A d_${nic}_${protocol} -p ${protocol} -j LOG --log-level 4 --log-prefix "d_${nic}_${protocol}: "
	sudo iptables -t filter -A s_${nic}_${protocol} -p ${protocol} -j LOG --log-level 4 --log-prefix "s_${nic}_${protocol}: "
	sudo iptables -t nat -A snat_${nic}_${protocol} -p ${protocol} -j LOG --log-level 4 --log-prefix "snat_${nic}_${protocol}: "
	done



	for table in ${tables}; do
	for bound in ${bounds}; do
	case ${table} in
	filter)
	chain=${bound}_${nic}
	;;
	nat)
	chain=${bound}nat_${nic}
	;;
	esac

	for protocol in ${protocols}; do
	sudo iptables -t ${table} -A ${chain} -p tcp -j LOG --log-level 4 --log-prefix "${chain}: "
	done
	done
	done


	for table in ${tables}; do
	sudo iptables -t ${table} -nL
	done