*filter :DFWRS_FORWARD - [0:0] :DFWRS_INPUT - [0:0] :FORWARD - [0:0] :INPUT - [0:0] -F DFWRS_FORWARD -A DFWRS_FORWARD -m state --state INVALID -j DROP -A DFWRS_FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT -A DFWRS_FORWARD -d $dst_ip=ip -i eni -o $output=bridge -p tcp --dport 80 -j ACCEPT -F DFWRS_INPUT -A DFWRS_INPUT -m state --state INVALID -j DROP -A DFWRS_INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A DFWRS_INPUT -i docker0 -j ACCEPT -A FORWARD -j DFWRS_FORWARD -A INPUT -j DFWRS_INPUT COMMIT *nat :DFWRS_POSTROUTING - [0:0] :DFWRS_PREROUTING - [0:0] :POSTROUTING - [0:0] :PREROUTING - [0:0] -F DFWRS_POSTROUTING -F DFWRS_PREROUTING -A DFWRS_PREROUTING -i eni -p tcp --dport 8080 -j DNAT --to-destination ${dst_ip=ip}:80 -A POSTROUTING -j DFWRS_POSTROUTING -A PREROUTING -j DFWRS_PREROUTING COMMIT