bash-completion/completions/iptables

# bash completion for iptables                             -*- shell-script -*-

_iptables()
{
    local cur prev words cword split
    _init_completion -s || return

    local table chain='s/^Chain \([^ ]\{1,\}\).*$/\1/p'

    if [[ ${words[@]} == *-t\ *filter* ]]; then
        table="-t filter"
    elif [[ ${words[@]} == *-t\ *nat* ]]; then
        table="-t nat"
    elif [[ ${words[@]} == *-t\ *mangle* ]]; then
        table="-t mangle"
    fi

    case $prev in
    -*[AIDRPFXLZ])
        COMPREPLY=( $( compgen -W '`iptables $table -nL | \
                sed -ne "s/^Chain \([^ ]\{1,\}\).*$/\1/p"`' -- "$cur" ) )
        ;;
    -*t)
        COMPREPLY=( $( compgen -W 'nat filter mangle' -- "$cur" ) )
        ;;
    -j)
        if [[ "$table" == "-t filter" || -z "$table" ]]; then
            COMPREPLY=( $( compgen -W 'ACCEPT DROP LOG ULOG REJECT
                `iptables $table -nL | sed -ne "$chain" \
                -e "s/INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING//"`' -- \
                "$cur" ) )
        elif [[ $table == "-t nat" ]]; then
            COMPREPLY=( $( compgen -W 'ACCEPT DROP LOG ULOG REJECT MIRROR SNAT
                DNAT MASQUERADE `iptables $table -nL | \
                sed -ne "$chain" -e "s/OUTPUT|PREROUTING|POSTROUTING//"`' \
                -- "$cur" ) )
        elif [[ $table == "-t mangle" ]]; then
            COMPREPLY=( $( compgen -W 'ACCEPT DROP LOG ULOG REJECT MARK TOS
                `iptables $table -nL | sed -ne "$chain" \
                -e "s/INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING//"`' -- \
                "$cur" ) )
        fi
        ;;
    *)
        if [[ "$cur" == -* ]]; then
            COMPREPLY=( $( compgen -W '--in-interface --out-interface --source
                --destination --protocol --fragment --match --append --delete
                --insert --replace --list --flush --zero --new --delete-chain
                --policy --rename-chain --proto --source --destination
                --in-interface --jump --match --numeric --out-interface --table
                --verbose --line-numbers --exact --fragment --modprobe
                --set-counters --version' -- "$cur" ) )
        fi
        ;;
    esac

} &&
complete -F _iptables iptables

# ex: ts=4 sw=4 et filetype=sh