# bash completion for iptables                             -*- shell-script -*-

_iptables()
{
    local cur prev words cword split
    _init_completion -s || return

    local table chain='s/^Chain \([^ ]\{1,\}\).*$/\1/p'

    [[ ${words[*]} =~ [[:space:]]-(t|-table=?)[[:space:]]*([^[:space:]]+) ]] &&
        table="-t ${BASH_REMATCH[2]}"

    case $prev in
        -*[AIDRPFXLZ])
            COMPREPLY=($(compgen -W '`"$1" $table -nL 2>/dev/null | \
                command sed -ne "s/^Chain \([^ ]\{1,\}\).*$/\1/p"`' -- "$cur"))
            ;;
        -*t)
            COMPREPLY=($(compgen -W 'nat filter mangle' -- "$cur"))
            ;;
        -j)
            if [[ $table == "-t filter" || -z $table ]]; then
                COMPREPLY=($(compgen -W 'ACCEPT DROP LOG ULOG REJECT
                `"$1" $table -nL 2>/dev/null | command sed -ne "$chain" \
                -e "s/INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING//"`' -- \
                    "$cur"))
            elif [[ $table == "-t nat" ]]; then
                COMPREPLY=($(compgen -W 'ACCEPT DROP LOG ULOG REJECT MIRROR SNAT
                DNAT MASQUERADE `"$1" $table -nL 2>/dev/null | \
                command sed -ne "$chain" -e "s/OUTPUT|PREROUTING|POSTROUTING//"`' \
                    -- "$cur"))
            elif [[ $table == "-t mangle" ]]; then
                COMPREPLY=($(compgen -W 'ACCEPT DROP LOG ULOG REJECT MARK TOS
                `"$1" $table -nL 2>/dev/null | command sed -ne "$chain" \
                -e "s/INPUT|OUTPUT|FORWARD|PREROUTING|POSTROUTING//"`' -- \
                    "$cur"))
            fi
            ;;
        *)
            if [[ $cur == -* ]]; then
                COMPREPLY=($(compgen -W '$("$1" --help 2>&1 |
                command sed -e "s/^\[\!\]//" | _parse_help -)' -- "$cur"))
                [[ ${COMPREPLY-} == *= ]] && compopt -o nospace
            fi
            ;;
    esac

} &&
    complete -F _iptables iptables

# ex: filetype=sh