comp_include _get_cword


_iptables()
{
    local cur prev table chain

    COMPREPLY=()
    cur=`_get_cword`
    prev=${COMP_WORDS[COMP_CWORD-1]}
    chain='s/^Chain \([^ ]\+\).*$/\1/p'

    if [[ $COMP_LINE == *-t\ *filter* ]]; then
        table="-t filter"
    elif [[ $COMP_LINE == *-t\ *nat* ]]; then
        table="-t nat"
    elif [[ $COMP_LINE == *-t\ *mangle* ]]; then
        table="-t mangle"
    fi

    case "$prev" in
    -*[AIDRPFXLZ])
        COMPREPLY=( $( compgen -W '`iptables $table -nL | \
                sed -ne "s/^Chain \([^ ]\+\).*$/\1/p"`' -- $cur ) )
        ;;
    -*t)
        COMPREPLY=( $( compgen -W 'nat filter mangle' -- $cur ) )
        ;;
    -j)
        if [ "$table" = "-t filter" -o "$table" = "" ]; then
            COMPREPLY=( $( compgen -W 'ACCEPT DROP LOG ULOG REJECT \
            `iptables $table -nL | sed -ne "$chain" \
            -e "s/INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING//"`' -- \
            $cur ) )
        elif [ "$table" = "-t nat" ]; then
            COMPREPLY=( $( compgen -W 'ACCEPT DROP LOG ULOG REJECT \
            MIRROR SNAT DNAT MASQUERADE `iptables $table -nL | \
            sed -ne "$chain" -e "s/OUTPUT|PREROUTING|POSTROUTING//"`' \
            -- $cur ) )
        elif [ "$table" = "-t mangle" ]; then
            COMPREPLY=( $( compgen -W 'ACCEPT DROP LOG ULOG REJECT \
            MARK TOS `iptables $table -nL | sed -ne "$chain" \
            -e "s/INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING//"`' -- \
            $cur ) )
        fi
        ;;
    *)
        if [[ "$cur" == -* ]]; then
            COMPREPLY=( $( compgen -W '-i -o -s -d -p -f -m --append \
            --delete --insert --replace --list --flush --zero --new \
            --delete-chain --policy --rename-chain --proto --source \
            --destination --in-interface --jump --match --numeric \
            --out-interface --table --verbose --line-numbers --exact \
            --fragment --modprobe= --set-counters --version' -- "$cur") )
        fi
        ;;
    esac
}
