*filter
:DFWRS_FORWARD - [0:0]
:DFWRS_INPUT - [0:0]
:FORWARD - [0:0]
:INPUT - [0:0]
-F DFWRS_FORWARD
-A DFWRS_FORWARD -m state --state INVALID -j DROP
-A DFWRS_FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-F DFWRS_INPUT
-A DFWRS_INPUT -m state --state INVALID -j DROP
-A DFWRS_INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A DFWRS_INPUT -i docker0 -j ACCEPT
-A FORWARD -j DFWRS_FORWARD
-A INPUT -j DFWRS_INPUT
COMMIT
*nat
:DFWRS_POSTROUTING - [0:0]
:DFWRS_PREROUTING - [0:0]
:POSTROUTING - [0:0]
:PREROUTING - [0:0]
-F DFWRS_POSTROUTING
-F DFWRS_PREROUTING
-A DFWRS_PREROUTING -o $output=bridge -p tcp --dport 80 -j DNAT --to-destination ${dst_ip=ip}:80
-A DFWRS_PREROUTING -s $src_ip=ip -i $input=bridge -o $output=bridge -p tcp --dport 80 -j DNAT --to-destination ${dst_ip=ip}:80	"$input" == "$output"
-A DFWRS_PREROUTING -s $src_ip=ip -i $input=bridge -o $output=bridge -p tcp --dport 443 -j DNAT --to-destination ${dst_ip=ip}:443	"$input" != "$output"
-A POSTROUTING -j DFWRS_POSTROUTING
-A PREROUTING -j DFWRS_PREROUTING
COMMIT