# bash completion for iptables -*- shell-script -*- _iptables() { local cur prev words cword split _init_completion -s || return local table chain='s/^Chain \([^ ]\{1,\}\).*$/\1/p' if [[ ${words[@]} == *-t\ *filter* ]]; then table="-t filter" elif [[ ${words[@]} == *-t\ *nat* ]]; then table="-t nat" elif [[ ${words[@]} == *-t\ *mangle* ]]; then table="-t mangle" fi case $prev in -*[AIDRPFXLZ]) COMPREPLY=( $( compgen -W '`iptables $table -nL | \ sed -ne "s/^Chain \([^ ]\{1,\}\).*$/\1/p"`' -- "$cur" ) ) ;; -*t) COMPREPLY=( $( compgen -W 'nat filter mangle' -- "$cur" ) ) ;; -j) if [[ "$table" == "-t filter" || -z "$table" ]]; then COMPREPLY=( $( compgen -W 'ACCEPT DROP LOG ULOG REJECT `iptables $table -nL | sed -ne "$chain" \ -e "s/INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING//"`' -- \ "$cur" ) ) elif [[ $table == "-t nat" ]]; then COMPREPLY=( $( compgen -W 'ACCEPT DROP LOG ULOG REJECT MIRROR SNAT DNAT MASQUERADE `iptables $table -nL | \ sed -ne "$chain" -e "s/OUTPUT|PREROUTING|POSTROUTING//"`' \ -- "$cur" ) ) elif [[ $table == "-t mangle" ]]; then COMPREPLY=( $( compgen -W 'ACCEPT DROP LOG ULOG REJECT MARK TOS `iptables $table -nL | sed -ne "$chain" \ -e "s/INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING//"`' -- \ "$cur" ) ) fi ;; *) if [[ "$cur" == -* ]]; then COMPREPLY=( $( compgen -W '--in-interface --out-interface --source --destination --protocol --fragment --match --append --delete --insert --replace --list --flush --zero --new --delete-chain --policy --rename-chain --proto --source --destination --in-interface --jump --match --numeric --out-interface --table --verbose --line-numbers --exact --fragment --modprobe --set-counters --version' -- "$cur" ) ) fi ;; esac } && complete -F _iptables iptables # ex: ts=4 sw=4 et filetype=sh