From 5b9648f475235e3b560f8a101da679f179668c8a Mon Sep 17 00:00:00 2001
From: dethophes <dethophes@users.noreply.github.com>
Date: Mon, 25 Sep 2023 15:14:30 +0000
Subject: [PATCH 1/9] escape strings for xml

---
 iptables-graph | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/iptables-graph b/iptables-graph
index 34bb844..e7cc702 100755
--- a/iptables-graph
+++ b/iptables-graph
@@ -45,30 +45,43 @@ def get_node_name(table_name, chain_name):
 def get_port_name(rule_index):
     return "rule_" + str(rule_index)
 
+
+xml_esc = {
+    re.compile('&') : '&amp;' ,
+    re.compile('<') : '&lt;'  ,
+    re.compile('>') : '&gt;'  ,
+    re.compile('"') : '&quot;',
+}
+def escape_xml(s):
+    for k, v in xml_esc.items():
+        s = k.sub(v, s)
+    return s
+
 output="""digraph {
     graph [pad="0.5", nodesep="0.5", ranksep="2"];
     node [shape=plain]
     rankdir=LR;
 
 """
+
 for table in all_chains:
     for chain in all_chains[table]:
         node_name = get_node_name(table, chain)
         tmp_body = node_name + """ [label=<<table border="0" cellborder="1" cellspacing="0">"""
         if chain in defualt_chain_list:
             tmp_body +="""
-  <tr><td bgcolor="red"><i>""" + chain + """</i></td></tr>
-  <tr><td port="begin" bgcolor="tomato"><i>""" + table + """</i></td></tr>"""
+  <tr><td bgcolor="red"><i>""" + escape_xml( chain ) + """</i></td></tr>
+  <tr><td port="begin" bgcolor="tomato"><i>""" + escape_xml( table ) + """</i></td></tr>"""
         else:
             tmp_body +="""
   <tr><td><i>""" + chain + """</i></td></tr>
-  <tr><td port="begin"><i>""" + table + """</i></td></tr>"""
+  <tr><td port="begin"><i>""" + escape_xml( table ) + """</i></td></tr>"""
         for i in range(len(all_chains[table][chain])):
             rule = all_chains[table][chain][i]
             tmp_body += """
   <tr><td port="""
             tmp_body += "\"" + get_port_name(i) + "\""
-            tmp_body += """>""" + rule["rule_body"] + """</td></tr>"""
+            tmp_body += """>""" + escape_xml( rule["rule_body"] ) + """</td></tr>"""
             #tmp_body += """></td></tr>"""
         tmp_body += """
   <tr><td port="end">end</td></tr>

From 5b4f54ee924d32f5a80cecf001a7ac5be28c60fd Mon Sep 17 00:00:00 2001
From: dethophes <dethophes@users.noreply.github.com>
Date: Sat, 28 Oct 2023 11:35:24 +0000
Subject: [PATCH 2/9] add support for counters

---
 iptables-graph | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

diff --git a/iptables-graph b/iptables-graph
index e7cc702..1dcbf24 100755
--- a/iptables-graph
+++ b/iptables-graph
@@ -13,8 +13,19 @@ defualt_chain_list = ['PREROUTING', 'FORWARD', 'INPUT', 'OUTPUT', 'POSTROUTING']
 input_string = sys.stdin.read()
 line_list = input_string.splitlines()
 current_table = None
+match_stats = re.compile(r'\s*\[(?P<pkts>\d+):(?P<bytes>\d+)\]\s*')
 for line in line_list:
+    stats = match_stats.search(line)
+    if stats:
+        line = match_stats.sub('', line)
+        stats = '[{}:{}] '.format(stats.group('pkts'), stats.group('bytes'))
+    else:
+        stats = ''
     token_list = line.split()
+    if not token_list :
+        continue
+    if token_list[0][0] in [ '#']:
+        continue
     if token_list[0][1:] in all_chains.keys():
         current_table = token_list[0][1:]
         continue
@@ -23,15 +34,15 @@ for line in line_list:
         if current_chain not in all_chains[current_table]:
             all_chains[current_table][current_chain] = list()
 
-        rule_body = ''
+        rule_body = stats
         target = ''
         if token_list[-2] == '-j' and token_list[-1] not in ['RETURN', 'ACCEPT', 'DROP']:
             target = token_list[-1]
             if target not in all_chains[current_table]:
                 all_chains[current_table][target] = list()
-            rule_body = ' '.join(token_list[2:])
+            rule_body += ' '.join(token_list[2:])
         else:
-            rule_body = ' '.join(token_list[2:])
+            rule_body += ' '.join(token_list[2:])
 
         all_chains[current_table][current_chain].append({'rule_body':rule_body, 'target':target})
         continue
@@ -81,7 +92,7 @@ for table in all_chains:
             tmp_body += """
   <tr><td port="""
             tmp_body += "\"" + get_port_name(i) + "\""
-            tmp_body += """>""" + escape_xml( rule["rule_body"] ) + """</td></tr>"""
+                tmp_body += """>""" + escape_xml( rule["rule_body"] ) + """</td></tr>"""
             #tmp_body += """></td></tr>"""
         tmp_body += """
   <tr><td port="end">end</td></tr>

From 1a9ef82653f3ca82807736dccffe088c3861847c Mon Sep 17 00:00:00 2001
From: dethophes <dethophes@users.noreply.github.com>
Date: Sat, 28 Oct 2023 11:38:34 +0000
Subject: [PATCH 3/9] add support to colorize rules based on port ranges.

---
 iptables-graph | 51 +++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 46 insertions(+), 5 deletions(-)

diff --git a/iptables-graph b/iptables-graph
index 1dcbf24..b42916f 100755
--- a/iptables-graph
+++ b/iptables-graph
@@ -1,5 +1,6 @@
 #!/usr/bin/env python3
 import sys
+import os
 import re
 import string
 
@@ -68,6 +69,50 @@ def escape_xml(s):
         s = k.sub(v, s)
     return s
 
+
+default_port_ranges = '''
+red=29700:29799,47000:48653,48659,48662,48663,48753,48754,48850:49151,49200:49799
+green=80
+yellow=22
+'''
+
+def expand_port_range(port_range):
+    prange = []
+    for cr in port_range.split(','):
+        r = cr.split(':')
+        if len(r) == 2:
+            prange += range(int(r[0]), int(r[1]) + 1)
+        else:
+            prange = [  int(r[0])  ]
+    return prange
+
+def test_port_range_in_port_range(a, b):
+    for a1 in a:
+        if a1 in b:
+            return True
+    return False
+
+match_port  = re.compile(r'-(?P<type>[ds]ports?)\s+(?P<port>[0-9,:]+)')
+def get_rule_attributes(port_ranges, rule):
+    global match_port
+    m = match_port.search(rule["rule_body"])
+    if m :
+        for me in port_ranges:
+            if test_port_range_in_port_range(me['r'], expand_port_range(m.group('port'))):
+                return ' bgcolor="{}"'.format(me['c'])
+    return ''
+
+def conv_port_range(r):
+    cfilter = []
+    for cline in r.split('\n'):
+        d = cline.split('=', 2)
+        if len(d) != 2:
+            continue
+        cfilter.append({ 'r' : expand_port_range(d[1]), 'c' : d[0] })
+    return cfilter
+
+
+port_ranges = conv_port_range(os.getenv('PORT_RANGE', default=default_port_ranges))
 output="""digraph {
     graph [pad="0.5", nodesep="0.5", ranksep="2"];
     node [shape=plain]
@@ -89,11 +134,7 @@ for table in all_chains:
   <tr><td port="begin"><i>""" + escape_xml( table ) + """</i></td></tr>"""
         for i in range(len(all_chains[table][chain])):
             rule = all_chains[table][chain][i]
-            tmp_body += """
-  <tr><td port="""
-            tmp_body += "\"" + get_port_name(i) + "\""
-                tmp_body += """>""" + escape_xml( rule["rule_body"] ) + """</td></tr>"""
-            #tmp_body += """></td></tr>"""
+            tmp_body += '\n<tr><td port="{}"{}>{}</td></tr>'.format(get_port_name(i), get_rule_attributes(port_ranges, rule), escape_xml( rule["rule_body"] ))
         tmp_body += """
   <tr><td port="end">end</td></tr>
 </table>>];

From 9f4ee70909a6019c322d843cb1cd9f28df3ca7a9 Mon Sep 17 00:00:00 2001
From: dethophes <dethophes@users.noreply.github.com>
Date: Sun, 29 Oct 2023 07:50:15 +0000
Subject: [PATCH 4/9] Refactor code to mode into function to make it possible
 to reuse as module. centralize color selection, and change color scheme.
 Differentiate used and unused rules by color.

---
 iptables-graph | 205 ++++++++++++++++++++++++++-----------------------
 1 file changed, 109 insertions(+), 96 deletions(-)

diff --git a/iptables-graph b/iptables-graph
index b42916f..6cc4182 100755
--- a/iptables-graph
+++ b/iptables-graph
@@ -11,44 +11,42 @@ all_chains = {	'raw':	    {'PREROUTING':list(), 'OUTPUT':list()},
 
 defualt_chain_list = ['PREROUTING', 'FORWARD', 'INPUT', 'OUTPUT', 'POSTROUTING']
 
-input_string = sys.stdin.read()
-line_list = input_string.splitlines()
-current_table = None
-match_stats = re.compile(r'\s*\[(?P<pkts>\d+):(?P<bytes>\d+)\]\s*')
-for line in line_list:
-    stats = match_stats.search(line)
-    if stats:
-        line = match_stats.sub('', line)
-        stats = '[{}:{}] '.format(stats.group('pkts'), stats.group('bytes'))
-    else:
-        stats = ''
-    token_list = line.split()
-    if not token_list :
-        continue
-    if token_list[0][0] in [ '#']:
-        continue
-    if token_list[0][1:] in all_chains.keys():
-        current_table = token_list[0][1:]
-        continue
-    if token_list[0] == '-A':
-        current_chain = token_list[1]
-        if current_chain not in all_chains[current_table]:
-            all_chains[current_table][current_chain] = list()
-
-        rule_body = stats
-        target = ''
-        if token_list[-2] == '-j' and token_list[-1] not in ['RETURN', 'ACCEPT', 'DROP']:
-            target = token_list[-1]
-            if target not in all_chains[current_table]:
-                all_chains[current_table][target] = list()
-            rule_body += ' '.join(token_list[2:])
+def parse_input(input_string):
+    line_list = input_string.splitlines()
+    current_table = None
+    match_stats = re.compile(r'\s*\[(?P<pkts>\d+):(?P<bytes>\d+)\]\s*')
+    for line in line_list:
+        stats = match_stats.search(line)
+        if stats:
+            line = match_stats.sub('', line)
+            stats = '[{}:{}] '.format(stats.group('pkts'), stats.group('bytes'))
         else:
-            rule_body += ' '.join(token_list[2:])
-
-        all_chains[current_table][current_chain].append({'rule_body':rule_body, 'target':target})
-        continue
-    else:
-        continue
+            stats = ''
+        token_list = line.split()
+        if not token_list :
+            continue
+        if token_list[0][1:] in all_chains.keys():
+            current_table = token_list[0][1:]
+            continue
+        if token_list[0] == '-A':
+            current_chain = token_list[1]
+            if current_chain not in all_chains[current_table]:
+                all_chains[current_table][current_chain] = list()
+
+            rule_body = stats
+            target = ''
+            if token_list[-2] == '-j' and token_list[-1] not in ['RETURN', 'ACCEPT', 'DROP']:
+                target = token_list[-1]
+                if target not in all_chains[current_table]:
+                    all_chains[current_table][target] = list()
+                rule_body += ' '.join(token_list[2:])
+            else:
+                rule_body += ' '.join(token_list[2:])
+
+            all_chains[current_table][current_chain].append({'rule_body':rule_body, 'target':target})
+            continue
+        else:
+            continue
 
 
 def get_node_name(table_name, chain_name):
@@ -93,13 +91,18 @@ def test_port_range_in_port_range(a, b):
     return False
 
 match_port  = re.compile(r'-(?P<type>[ds]ports?)\s+(?P<port>[0-9,:]+)')
+match_unused_rule = re.compile(r'\[0:0\]')
 def get_rule_attributes(port_ranges, rule):
-    global match_port
+    global match_port, colors
     m = match_port.search(rule["rule_body"])
     if m :
         for me in port_ranges:
             if test_port_range_in_port_range(me['r'], expand_port_range(m.group('port'))):
                 return ' bgcolor="{}"'.format(me['c'])
+    if match_unused_rule.search(rule["rule_body"]):
+        return ' bgcolor="{unused_rule}"'.format(**colors)
+    else:
+        return ' bgcolor="{used_rule}"'.format(**colors)
     return ''
 
 def conv_port_range(r):
@@ -112,65 +115,75 @@ def conv_port_range(r):
     return cfilter
 
 
-port_ranges = conv_port_range(os.getenv('PORT_RANGE', default=default_port_ranges))
-output="""digraph {
+colors = {
+        'bgcolor'       : 'black',
+        'norm_link'     : 'white',
+        'chain_link'    : 'red',
+        'unused_rule'   : 'lightgrey',
+        'used_rule'     : 'darkgrey',
+        'default_chain' : ['red', 'tomato'],
+        'user_chain'    : ['white', 'white'],
+}
+
+def create_output(all_chains):
+    global default_port_ranges, colors
+    port_ranges = conv_port_range(os.getenv('PORT_RANGE', default=default_port_ranges))
+
+    output="""digraph {{
+    bgcolor="{bgcolor}"
     graph [pad="0.5", nodesep="0.5", ranksep="2"];
     node [shape=plain]
     rankdir=LR;
 
-"""
-
-for table in all_chains:
-    for chain in all_chains[table]:
-        node_name = get_node_name(table, chain)
-        tmp_body = node_name + """ [label=<<table border="0" cellborder="1" cellspacing="0">"""
-        if chain in defualt_chain_list:
-            tmp_body +="""
-  <tr><td bgcolor="red"><i>""" + escape_xml( chain ) + """</i></td></tr>
-  <tr><td port="begin" bgcolor="tomato"><i>""" + escape_xml( table ) + """</i></td></tr>"""
-        else:
-            tmp_body +="""
-  <tr><td><i>""" + chain + """</i></td></tr>
-  <tr><td port="begin"><i>""" + escape_xml( table ) + """</i></td></tr>"""
-        for i in range(len(all_chains[table][chain])):
-            rule = all_chains[table][chain][i]
-            tmp_body += '\n<tr><td port="{}"{}>{}</td></tr>'.format(get_port_name(i), get_rule_attributes(port_ranges, rule), escape_xml( rule["rule_body"] ))
-        tmp_body += """
-  <tr><td port="end">end</td></tr>
-</table>>];
-"""
-        output += tmp_body
-
-for table in all_chains:
-    for chain in all_chains[table]:
-        for i in range(len(all_chains[table][chain])):
-            rule = all_chains[table][chain][i]
-            if rule['target']:
-                source_node = get_node_name(table, chain) + ':' + get_port_name(i)
-                target_node = get_node_name(table, rule['target']) + ':begin'
-                output += source_node + """ -> """ + target_node + """;
-"""
-
-def default_chain_link(src_table_name, src_chain_name, dst_table_name, dst_chain_name):
-    source_node = get_node_name(src_table_name, src_chain_name) + ':end'
-    target_node = get_node_name(dst_table_name, dst_chain_name) + ':begin'
-    return source_node + """ -> """ + target_node + """ [color=red];
-"""
-
-output += default_chain_link('raw',	'PREROUTING',	'mangle',   'PREROUTING')
-output += default_chain_link('mangle',	'PREROUTING',	'nat',	    'PREROUTING')
-output += default_chain_link('nat',	'PREROUTING',	'mangle',   'INPUT')
-output += default_chain_link('mangle',	'INPUT',	'filter',   'INPUT')
-output += default_chain_link('filter',	'INPUT',	'raw',	    'OUTPUT')
-output += default_chain_link('raw',	'OUTPUT',	'mangle',   'OUTPUT')
-output += default_chain_link('mangle',	'OUTPUT',	'nat',	    'OUTPUT')
-output += default_chain_link('nat',	'OUTPUT',	'filter',   'OUTPUT')
-output += default_chain_link('filter',	'OUTPUT',	'mangle',   'POSTROUTING')
-output += default_chain_link('mangle',	'POSTROUTING',	'nat',	    'POSTROUTING')
-output += default_chain_link('nat',	'PREROUTING',	'mangle',   'FORWARD')
-output += default_chain_link('mangle',	'FORWARD',	'filter',   'FORWARD')
-output += default_chain_link('filter',	'FORWARD',	'mangle',   'POSTROUTING')
-
-output += """
-}"""
-print(output)
+""".format(**colors)
+    for table in all_chains:
+        for chain in all_chains[table]:
+            node_name = get_node_name(table, chain)
+            tmp_body = node_name + """ [label=<<table border="0" cellborder="1" cellspacing="0">"""
+            if chain in defualt_chain_list:
+                tmp_body +='\n<tr><td bgcolor="{}"><i>{}</i></td></tr>'.format(colors['default_chain'][0], escape_xml( chain ))
+                tmp_body +='\n<tr><td port="begin" bgcolor="{}"><i>{}</i></td></tr>'.format( colors['default_chain'][1], escape_xml( table ))
+            else:
+                tmp_body +='\n<tr><td bgcolor="{}"><i>{}</i></td></tr>'.format(colors['user_chain'][0], chain )
+                tmp_body +='\n<tr><td port="begin" bgcolor="{}"><i>{}</i></td></tr>'.format(colors['user_chain'][1], escape_xml( table ))
+            for i in range(len(all_chains[table][chain])):
+                rule = all_chains[table][chain][i]
+                tmp_body += '\n<tr><td port="{}"{}>{}</td></tr>'.format(get_port_name(i), get_rule_attributes(port_ranges, rule), escape_xml( rule["rule_body"] ))
+            tmp_body += '<tr><td port="end" bgcolor="{}">end</td></tr>'.format(colors['user_chain'][1])
+            tmp_body += '</table>>];'
+            output += tmp_body
+
+    for table in all_chains:
+        for chain in all_chains[table]:
+            for i in range(len(all_chains[table][chain])):
+                rule = all_chains[table][chain][i]
+                if rule['target']:
+                    source_node = get_node_name(table, chain) + ':' + get_port_name(i)
+                    target_node = get_node_name(table, rule['target']) + ':begin'
+                    output += '{} -> {} [color="{}"]\n'.format(source_node, target_node, colors['norm_link'])
+
+    def default_chain_link(src_table_name, src_chain_name, dst_table_name, dst_chain_name):
+        source_node = get_node_name(src_table_name, src_chain_name) + ':end'
+        target_node = get_node_name(dst_table_name, dst_chain_name) + ':begin'
+        return '{} -> {} [color="{}"]\n'.format(source_node, target_node, colors['chain_link'])
+
+    output += default_chain_link('raw'   ,	'PREROUTING',	'mangle',   'PREROUTING')
+    output += default_chain_link('mangle',	'PREROUTING',	'nat',	    'PREROUTING')
+    output += default_chain_link('nat'   ,	'PREROUTING',	'mangle',   'INPUT')
+    output += default_chain_link('mangle',	'INPUT',	'filter',   'INPUT')
+    output += default_chain_link('filter',	'INPUT',	'raw',	    'OUTPUT')
+    output += default_chain_link('raw'   ,	'OUTPUT',	'mangle',   'OUTPUT')
+    output += default_chain_link('mangle',	'OUTPUT',	'nat',	    'OUTPUT')
+    output += default_chain_link('nat'   ,	'OUTPUT',	'filter',   'OUTPUT')
+    output += default_chain_link('filter',	'OUTPUT',	'mangle',   'POSTROUTING')
+    output += default_chain_link('mangle',	'POSTROUTING',	'nat',	    'POSTROUTING')
+    output += default_chain_link('nat'   ,	'PREROUTING',	'mangle',   'FORWARD')
+    output += default_chain_link('mangle',	'FORWARD',	'filter',   'FORWARD')
+    output += default_chain_link('filter',	'FORWARD',	'mangle',   'POSTROUTING')
+
+    output += '\n}'
+    return output
+if __name__  == '__main__':
+    parse_input(sys.stdin.read())
+    output = create_output(all_chains)
+    print( output ) 

From a8d75f35766ed07b3552286777e60d9c2c2c9e63 Mon Sep 17 00:00:00 2001
From: dethophes <dethophes@users.noreply.github.com>
Date: Sun, 29 Oct 2023 07:52:34 +0000
Subject: [PATCH 5/9] Add initial support for ebtables. also add the security
 table for iptables.

---
 iptables-graph | 53 +++++++++++++++++++++++++++++++++++---------------
 1 file changed, 37 insertions(+), 16 deletions(-)

diff --git a/iptables-graph b/iptables-graph
index 6cc4182..17cc682 100755
--- a/iptables-graph
+++ b/iptables-graph
@@ -4,12 +4,22 @@ import os
 import re
 import string
 
-all_chains = {	'raw':	    {'PREROUTING':list(), 'OUTPUT':list()},
+do_ebtables = os.getenv('USE_EBTABLES', default=False)
+if not do_ebtables:
+    all_chains = {	'raw':	    {'PREROUTING':list(), 'OUTPUT':list()},
         'filter':   {'INPUT':list(), 'OUTPUT':list(), 'FORWARD':list()},
         'nat':	    {'PREROUTING':list(), 'OUTPUT':list(), 'POSTROUTING':list()},
-        'mangle':   {'PREROUTING':list(), 'INPUT':list(), 'OUTPUT':list(), 'FORWARD':list(), 'POSTROUTING':list()}}
+        'mangle':   {'PREROUTING':list(), 'INPUT':list(), 'OUTPUT':list(), 'FORWARD':list(), 'POSTROUTING':list()},
+        'security': {'INPUT':list(), 'OUTPUT':list(), 'FORWARD':list()}}
 
-defualt_chain_list = ['PREROUTING', 'FORWARD', 'INPUT', 'OUTPUT', 'POSTROUTING']
+else:
+    all_chains = {
+        'filter':   {'INPUT':list(), 'OUTPUT':list(), 'FORWARD':list()},
+        'nat':	    {'PREROUTING':list(), 'OUTPUT':list(), 'POSTROUTING':list()},
+        'broute':   {'BROUTING':list()}
+        }
+
+defualt_chain_list = ['PREROUTING', 'FORWARD', 'INPUT', 'OUTPUT', 'POSTROUTING', 'BROUTING']
 
 def parse_input(input_string):
     line_list = input_string.splitlines()
@@ -167,19 +177,30 @@ def create_output(all_chains):
         target_node = get_node_name(dst_table_name, dst_chain_name) + ':begin'
         return '{} -> {} [color="{}"]\n'.format(source_node, target_node, colors['chain_link'])
 
-    output += default_chain_link('raw'   ,	'PREROUTING',	'mangle',   'PREROUTING')
-    output += default_chain_link('mangle',	'PREROUTING',	'nat',	    'PREROUTING')
-    output += default_chain_link('nat'   ,	'PREROUTING',	'mangle',   'INPUT')
-    output += default_chain_link('mangle',	'INPUT',	'filter',   'INPUT')
-    output += default_chain_link('filter',	'INPUT',	'raw',	    'OUTPUT')
-    output += default_chain_link('raw'   ,	'OUTPUT',	'mangle',   'OUTPUT')
-    output += default_chain_link('mangle',	'OUTPUT',	'nat',	    'OUTPUT')
-    output += default_chain_link('nat'   ,	'OUTPUT',	'filter',   'OUTPUT')
-    output += default_chain_link('filter',	'OUTPUT',	'mangle',   'POSTROUTING')
-    output += default_chain_link('mangle',	'POSTROUTING',	'nat',	    'POSTROUTING')
-    output += default_chain_link('nat'   ,	'PREROUTING',	'mangle',   'FORWARD')
-    output += default_chain_link('mangle',	'FORWARD',	'filter',   'FORWARD')
-    output += default_chain_link('filter',	'FORWARD',	'mangle',   'POSTROUTING')
+    if not do_ebtables:
+        output += default_chain_link('raw',	'PREROUTING',	'mangle',   'PREROUTING')
+        output += default_chain_link('mangle',	'PREROUTING',	'nat',	    'PREROUTING')
+        output += default_chain_link('nat',	'PREROUTING',	'mangle',   'INPUT')
+        output += default_chain_link('mangle',	'INPUT',	'filter',   'INPUT')
+        output += default_chain_link('filter',	'INPUT',	'security', 'INPUT')
+        output += default_chain_link('security','INPUT',	'raw',	    'OUTPUT')
+        output += default_chain_link('raw',	'OUTPUT',	'mangle',   'OUTPUT')
+        output += default_chain_link('mangle',	'OUTPUT',	'nat',	    'OUTPUT')
+        output += default_chain_link('nat',	'OUTPUT',	'filter',   'OUTPUT')
+        output += default_chain_link('filter',	'OUTPUT',	'security', 'OUTPUT')
+        output += default_chain_link('security','OUTPUT',	'mangle',   'POSTROUTING')
+        output += default_chain_link('mangle',	'POSTROUTING',	'nat',	    'POSTROUTING')
+        output += default_chain_link('nat',	'PREROUTING',	'mangle',   'FORWARD')
+        output += default_chain_link('mangle',	'FORWARD',	'filter',   'FORWARD')
+        output += default_chain_link('filter',	'FORWARD',	'security', 'FORWARD')
+        output += default_chain_link('security','FORWARD',	'mangle',   'POSTROUTING')
+    else:
+        output += default_chain_link('broute',	'BROUTING',	'nat'   ,   'PREROUTING')
+        output += default_chain_link('nat',	'PREROUTING',	'filter',   'INPUT')
+        output += default_chain_link('nat',	'OUTPUT',	'filter',   'OUTPUT')
+        output += default_chain_link('filter',	'OUTPUT',	'nat'   ,   'POSTROUTING')
+        output += default_chain_link('nat',	'POSTROUTING',	'filter',   'FORWARD')
+        output += default_chain_link('filter',   'FORWARD', 'broute',	'BROUTING')
 
     output += '\n}'
     return output

From 8160c24e41a9b1e75e1f8906259ba0a94dd00e21 Mon Sep 17 00:00:00 2001
From: dethophes <dethophes@users.noreply.github.com>
Date: Sun, 29 Oct 2023 08:22:07 +0000
Subject: [PATCH 6/9] update example image

---
 example.dot | 211 ++++++---------
 example.svg | 745 ++++++++++++++++++++++++++++++----------------------
 2 files changed, 516 insertions(+), 440 deletions(-)

diff --git a/example.dot b/example.dot
index eb5afca..a7ace63 100644
--- a/example.dot
+++ b/example.dot
@@ -1,137 +1,90 @@
 digraph {
+    bgcolor="black"
     graph [pad="0.5", nodesep="0.5", ranksep="2"];
     node [shape=plain]
     rankdir=LR;
 
-filter_DOCKERUSER [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td><i>DOCKER-USER</i></td></tr>
-  <tr><td port="begin"><i>filter</i></td></tr>
-  <tr><td port="rule_0">-j RETURN</td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-filter_DOCKERISOLATIONSTAGE1 [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td><i>DOCKER-ISOLATION-STAGE-1</i></td></tr>
-  <tr><td port="begin"><i>filter</i></td></tr>
-  <tr><td port="rule_0">-i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2</td></tr>
-  <tr><td port="rule_1">-j RETURN</td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-filter_DOCKERISOLATIONSTAGE2 [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td><i>DOCKER-ISOLATION-STAGE-2</i></td></tr>
-  <tr><td port="begin"><i>filter</i></td></tr>
-  <tr><td port="rule_0">-o docker0 -j DROP</td></tr>
-  <tr><td port="rule_1">-j RETURN</td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-filter_OUTPUT [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td bgcolor="red"><i>OUTPUT</i></td></tr>
-  <tr><td port="begin" bgcolor="tomato"><i>filter</i></td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-filter_FORWARD [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td bgcolor="red"><i>FORWARD</i></td></tr>
-  <tr><td port="begin" bgcolor="tomato"><i>filter</i></td></tr>
-  <tr><td port="rule_0">-j DOCKER-USER</td></tr>
-  <tr><td port="rule_1">-j DOCKER-ISOLATION-STAGE-1</td></tr>
-  <tr><td port="rule_2">-o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT</td></tr>
-  <tr><td port="rule_3">-o docker0 -j DOCKER</td></tr>
-  <tr><td port="rule_4">-i docker0 ! -o docker0 -j ACCEPT</td></tr>
-  <tr><td port="rule_5">-i docker0 -o docker0 -j ACCEPT</td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-filter_INPUT [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td bgcolor="red"><i>INPUT</i></td></tr>
-  <tr><td port="begin" bgcolor="tomato"><i>filter</i></td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-filter_DOCKER [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td><i>DOCKER</i></td></tr>
-  <tr><td port="begin"><i>filter</i></td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-raw_OUTPUT [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td bgcolor="red"><i>OUTPUT</i></td></tr>
-  <tr><td port="begin" bgcolor="tomato"><i>raw</i></td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
 raw_PREROUTING [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td bgcolor="red"><i>PREROUTING</i></td></tr>
-  <tr><td port="begin" bgcolor="tomato"><i>raw</i></td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-mangle_FORWARD [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td bgcolor="red"><i>FORWARD</i></td></tr>
-  <tr><td port="begin" bgcolor="tomato"><i>mangle</i></td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-mangle_INPUT [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td bgcolor="red"><i>INPUT</i></td></tr>
-  <tr><td port="begin" bgcolor="tomato"><i>mangle</i></td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-mangle_POSTROUTING [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td bgcolor="red"><i>POSTROUTING</i></td></tr>
-  <tr><td port="begin" bgcolor="tomato"><i>mangle</i></td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-mangle_PREROUTING [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td bgcolor="red"><i>PREROUTING</i></td></tr>
-  <tr><td port="begin" bgcolor="tomato"><i>mangle</i></td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-mangle_OUTPUT [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td bgcolor="red"><i>OUTPUT</i></td></tr>
-  <tr><td port="begin" bgcolor="tomato"><i>mangle</i></td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-nat_MASQUERADE [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td><i>MASQUERADE</i></td></tr>
-  <tr><td port="begin"><i>nat</i></td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-nat_OUTPUT [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td bgcolor="red"><i>OUTPUT</i></td></tr>
-  <tr><td port="begin" bgcolor="tomato"><i>nat</i></td></tr>
-  <tr><td port="rule_0">! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER</td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-nat_DOCKER [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td><i>DOCKER</i></td></tr>
-  <tr><td port="begin"><i>nat</i></td></tr>
-  <tr><td port="rule_0">-i docker0 -j RETURN</td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-nat_PREROUTING [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td bgcolor="red"><i>PREROUTING</i></td></tr>
-  <tr><td port="begin" bgcolor="tomato"><i>nat</i></td></tr>
-  <tr><td port="rule_0">-m addrtype --dst-type LOCAL -j DOCKER</td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-nat_POSTROUTING [label=<<table border="0" cellborder="1" cellspacing="0">
-  <tr><td bgcolor="red"><i>POSTROUTING</i></td></tr>
-  <tr><td port="begin" bgcolor="tomato"><i>nat</i></td></tr>
-  <tr><td port="rule_0">-s 172.18.0.0/24 ! -o docker0 -j MASQUERADE</td></tr>
-  <tr><td port="end">end</td></tr>
-</table>>];
-filter_DOCKERISOLATIONSTAGE1:rule_0 -> filter_DOCKERISOLATIONSTAGE2:begin;
-filter_FORWARD:rule_0 -> filter_DOCKERUSER:begin;
-filter_FORWARD:rule_1 -> filter_DOCKERISOLATIONSTAGE1:begin;
-filter_FORWARD:rule_3 -> filter_DOCKER:begin;
-nat_OUTPUT:rule_0 -> nat_DOCKER:begin;
-nat_PREROUTING:rule_0 -> nat_DOCKER:begin;
-nat_POSTROUTING:rule_0 -> nat_MASQUERADE:begin;
-raw_PREROUTING:end -> mangle_PREROUTING:begin [color=red];
-mangle_PREROUTING:end -> nat_PREROUTING:begin [color=red];
-nat_PREROUTING:end -> mangle_INPUT:begin [color=red];
-mangle_INPUT:end -> filter_INPUT:begin [color=red];
-filter_INPUT:end -> raw_OUTPUT:begin [color=red];
-raw_OUTPUT:end -> mangle_OUTPUT:begin [color=red];
-mangle_OUTPUT:end -> nat_OUTPUT:begin [color=red];
-nat_OUTPUT:end -> filter_OUTPUT:begin [color=red];
-filter_OUTPUT:end -> mangle_POSTROUTING:begin [color=red];
-mangle_POSTROUTING:end -> nat_POSTROUTING:begin [color=red];
-nat_PREROUTING:end -> mangle_FORWARD:begin [color=red];
-mangle_FORWARD:end -> filter_FORWARD:begin [color=red];
-filter_FORWARD:end -> mangle_POSTROUTING:begin [color=red];
+<tr><td bgcolor="red"><i>PREROUTING</i></td></tr>
+<tr><td port="begin" bgcolor="tomato"><i>raw</i></td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];raw_OUTPUT [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="red"><i>OUTPUT</i></td></tr>
+<tr><td port="begin" bgcolor="tomato"><i>raw</i></td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];filter_INPUT [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="red"><i>INPUT</i></td></tr>
+<tr><td port="begin" bgcolor="tomato"><i>filter</i></td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];filter_OUTPUT [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="red"><i>OUTPUT</i></td></tr>
+<tr><td port="begin" bgcolor="tomato"><i>filter</i></td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];filter_FORWARD [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="red"><i>FORWARD</i></td></tr>
+<tr><td port="begin" bgcolor="tomato"><i>filter</i></td></tr>
+<tr><td port="rule_0" bgcolor="darkgrey">-j DOCKER-USER</td></tr>
+<tr><td port="rule_1" bgcolor="darkgrey">-j DOCKER-ISOLATION-STAGE-1</td></tr>
+<tr><td port="rule_2" bgcolor="darkgrey">-o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT</td></tr>
+<tr><td port="rule_3" bgcolor="darkgrey">-o docker0 -j DOCKER</td></tr>
+<tr><td port="rule_4" bgcolor="darkgrey">-i docker0 ! -o docker0 -j ACCEPT</td></tr>
+<tr><td port="rule_5" bgcolor="darkgrey">-i docker0 -o docker0 -j ACCEPT</td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];filter_DOCKERUSER [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="white"><i>DOCKER-USER</i></td></tr>
+<tr><td port="begin" bgcolor="white"><i>filter</i></td></tr>
+<tr><td port="rule_0" bgcolor="darkgrey">-j RETURN</td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];filter_DOCKERISOLATIONSTAGE1 [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="white"><i>DOCKER-ISOLATION-STAGE-1</i></td></tr>
+<tr><td port="begin" bgcolor="white"><i>filter</i></td></tr>
+<tr><td port="rule_0" bgcolor="darkgrey">-i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2</td></tr>
+<tr><td port="rule_1" bgcolor="darkgrey">-j RETURN</td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];filter_DOCKER [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="white"><i>DOCKER</i></td></tr>
+<tr><td port="begin" bgcolor="white"><i>filter</i></td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];filter_DOCKERISOLATIONSTAGE2 [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="white"><i>DOCKER-ISOLATION-STAGE-2</i></td></tr>
+<tr><td port="begin" bgcolor="white"><i>filter</i></td></tr>
+<tr><td port="rule_0" bgcolor="darkgrey">-o docker0 -j DROP</td></tr>
+<tr><td port="rule_1" bgcolor="darkgrey">-j RETURN</td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];nat_PREROUTING [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="red"><i>PREROUTING</i></td></tr>
+<tr><td port="begin" bgcolor="tomato"><i>nat</i></td></tr>
+<tr><td port="rule_0" bgcolor="darkgrey">-m addrtype --dst-type LOCAL -j DOCKER</td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];nat_OUTPUT [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="red"><i>OUTPUT</i></td></tr>
+<tr><td port="begin" bgcolor="tomato"><i>nat</i></td></tr>
+<tr><td port="rule_0" bgcolor="darkgrey">! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER</td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];nat_POSTROUTING [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="red"><i>POSTROUTING</i></td></tr>
+<tr><td port="begin" bgcolor="tomato"><i>nat</i></td></tr>
+<tr><td port="rule_0" bgcolor="darkgrey">-s 172.18.0.0/24 ! -o docker0 -j MASQUERADE</td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];nat_DOCKER [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="white"><i>DOCKER</i></td></tr>
+<tr><td port="begin" bgcolor="white"><i>nat</i></td></tr>
+<tr><td port="rule_0" bgcolor="darkgrey">-i docker0 -j RETURN</td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];nat_MASQUERADE [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="white"><i>MASQUERADE</i></td></tr>
+<tr><td port="begin" bgcolor="white"><i>nat</i></td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];mangle_PREROUTING [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="red"><i>PREROUTING</i></td></tr>
+<tr><td port="begin" bgcolor="tomato"><i>mangle</i></td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];mangle_INPUT [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="red"><i>INPUT</i></td></tr>
+<tr><td port="begin" bgcolor="tomato"><i>mangle</i></td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];mangle_OUTPUT [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="red"><i>OUTPUT</i></td></tr>
+<tr><td port="begin" bgcolor="tomato"><i>mangle</i></td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];mangle_FORWARD [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="red"><i>FORWARD</i></td></tr>
+<tr><td port="begin" bgcolor="tomato"><i>mangle</i></td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];mangle_POSTROUTING [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="red"><i>POSTROUTING</i></td></tr>
+<tr><td port="begin" bgcolor="tomato"><i>mangle</i></td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];security_INPUT [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="red"><i>INPUT</i></td></tr>
+<tr><td port="begin" bgcolor="tomato"><i>security</i></td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];security_OUTPUT [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="red"><i>OUTPUT</i></td></tr>
+<tr><td port="begin" bgcolor="tomato"><i>security</i></td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];security_FORWARD [label=<<table border="0" cellborder="1" cellspacing="0">
+<tr><td bgcolor="red"><i>FORWARD</i></td></tr>
+<tr><td port="begin" bgcolor="tomato"><i>security</i></td></tr><tr><td port="end" bgcolor="white">end</td></tr></table>>];filter_FORWARD:rule_0 -> filter_DOCKERUSER:begin [color="white"]
+filter_FORWARD:rule_1 -> filter_DOCKERISOLATIONSTAGE1:begin [color="white"]
+filter_FORWARD:rule_3 -> filter_DOCKER:begin [color="white"]
+filter_DOCKERISOLATIONSTAGE1:rule_0 -> filter_DOCKERISOLATIONSTAGE2:begin [color="white"]
+nat_PREROUTING:rule_0 -> nat_DOCKER:begin [color="white"]
+nat_OUTPUT:rule_0 -> nat_DOCKER:begin [color="white"]
+nat_POSTROUTING:rule_0 -> nat_MASQUERADE:begin [color="white"]
+raw_PREROUTING:end -> mangle_PREROUTING:begin [color="red"]
+mangle_PREROUTING:end -> nat_PREROUTING:begin [color="red"]
+nat_PREROUTING:end -> mangle_INPUT:begin [color="red"]
+mangle_INPUT:end -> filter_INPUT:begin [color="red"]
+filter_INPUT:end -> security_INPUT:begin [color="red"]
+security_INPUT:end -> raw_OUTPUT:begin [color="red"]
+raw_OUTPUT:end -> mangle_OUTPUT:begin [color="red"]
+mangle_OUTPUT:end -> nat_OUTPUT:begin [color="red"]
+nat_OUTPUT:end -> filter_OUTPUT:begin [color="red"]
+filter_OUTPUT:end -> security_OUTPUT:begin [color="red"]
+security_OUTPUT:end -> mangle_POSTROUTING:begin [color="red"]
+mangle_POSTROUTING:end -> nat_POSTROUTING:begin [color="red"]
+nat_PREROUTING:end -> mangle_FORWARD:begin [color="red"]
+mangle_FORWARD:end -> filter_FORWARD:begin [color="red"]
+filter_FORWARD:end -> security_FORWARD:begin [color="red"]
+security_FORWARD:end -> mangle_POSTROUTING:begin [color="red"]
 
 }
diff --git a/example.svg b/example.svg
index 14ca587..b3cba94 100644
--- a/example.svg
+++ b/example.svg
@@ -1,359 +1,482 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
  "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
-<!-- Generated by graphviz version 2.38.0 (20140413.2041)
+<!-- Generated by graphviz version 2.43.0 (0)
  -->
 <!-- Title: %3 Pages: 1 -->
-<svg width="4235pt" height="784pt"
- viewBox="0.00 0.00 4235.00 783.50" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
-<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(36 747.5)">
+<svg width="4986pt" height="656pt"
+ viewBox="0.00 0.00 4986.00 655.57" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(36 619.57)">
 <title>%3</title>
-<polygon fill="white" stroke="none" points="-36,36 -36,-747.5 4199,-747.5 4199,36 -36,36"/>
-<!-- filter_DOCKERUSER -->
-<g id="node1" class="node"><title>filter_DOCKERUSER</title>
-<polygon fill="none" stroke="black" points="1952,-711.5 1838,-711.5 1838,-619.5 1952,-619.5 1952,-711.5"/>
-<polygon fill="none" stroke="black" points="1846,-686.5 1846,-707.5 1944,-707.5 1944,-686.5 1846,-686.5"/>
-<text text-anchor="start" x="1849" y="-694.3" font-family="Times,serif" font-style="italic" font-size="14.00">DOCKER&#45;USER</text>
-<polygon fill="none" stroke="black" points="1846,-665.5 1846,-686.5 1944,-686.5 1944,-665.5 1846,-665.5"/>
-<text text-anchor="start" x="1881.5" y="-673.3" font-family="Times,serif" font-style="italic" font-size="14.00">filter</text>
-<polygon fill="none" stroke="black" points="1846,-644.5 1846,-665.5 1944,-665.5 1944,-644.5 1846,-644.5"/>
-<text text-anchor="start" x="1861.5" y="-651.3" font-family="Times,serif" font-size="14.00">&#45;j RETURN</text>
-<polygon fill="none" stroke="black" points="1846,-623.5 1846,-644.5 1944,-644.5 1944,-623.5 1846,-623.5"/>
-<text text-anchor="start" x="1885" y="-630.3" font-family="Times,serif" font-size="14.00">end</text>
+<polygon fill="black" stroke="transparent" points="-36,36 -36,-619.57 4950,-619.57 4950,36 -36,36"/>
+<!-- raw_PREROUTING -->
+<g id="node1" class="node">
+<title>raw_PREROUTING</title>
+<polygon fill="red" stroke="transparent" points="0.5,-562.07 0.5,-583.07 109.5,-583.07 109.5,-562.07 0.5,-562.07"/>
+<polygon fill="none" stroke="black" points="0.5,-562.07 0.5,-583.07 109.5,-583.07 109.5,-562.07 0.5,-562.07"/>
+<text text-anchor="start" x="3.5" y="-569.87" font-family="Times,serif" font-style="italic" font-size="14.00">PREROUTING</text>
+<polygon fill="tomato" stroke="transparent" points="0.5,-541.07 0.5,-562.07 109.5,-562.07 109.5,-541.07 0.5,-541.07"/>
+<polygon fill="none" stroke="black" points="0.5,-541.07 0.5,-562.07 109.5,-562.07 109.5,-541.07 0.5,-541.07"/>
+<text text-anchor="start" x="41" y="-548.87" font-family="Times,serif" font-style="italic" font-size="14.00">raw</text>
+<polygon fill="white" stroke="transparent" points="0.5,-520.07 0.5,-541.07 109.5,-541.07 109.5,-520.07 0.5,-520.07"/>
+<polygon fill="none" stroke="black" points="0.5,-520.07 0.5,-541.07 109.5,-541.07 109.5,-520.07 0.5,-520.07"/>
+<text text-anchor="start" x="41.5" y="-526.87" font-family="Times,serif" font-size="14.00">end</text>
 </g>
-<!-- filter_DOCKERISOLATIONSTAGE1 -->
-<g id="node2" class="node"><title>filter_DOCKERISOLATIONSTAGE1</title>
-<polygon fill="none" stroke="black" points="2073,-583 1717,-583 1717,-470 2073,-470 2073,-583"/>
-<polygon fill="none" stroke="black" points="1725,-557.5 1725,-578.5 2065,-578.5 2065,-557.5 1725,-557.5"/>
-<text text-anchor="start" x="1803.5" y="-565.3" font-family="Times,serif" font-style="italic" font-size="14.00">DOCKER&#45;ISOLATION&#45;STAGE&#45;1</text>
-<polygon fill="none" stroke="black" points="1725,-536.5 1725,-557.5 2065,-557.5 2065,-536.5 1725,-536.5"/>
-<text text-anchor="start" x="1881.5" y="-544.3" font-family="Times,serif" font-style="italic" font-size="14.00">filter</text>
-<polygon fill="none" stroke="black" points="1725,-515.5 1725,-536.5 2065,-536.5 2065,-515.5 1725,-515.5"/>
-<text text-anchor="start" x="1728" y="-522.3" font-family="Times,serif" font-size="14.00">&#45;i docker0 ! &#45;o docker0 &#45;j DOCKER&#45;ISOLATION&#45;STAGE&#45;2</text>
-<polygon fill="none" stroke="black" points="1725,-494.5 1725,-515.5 2065,-515.5 2065,-494.5 1725,-494.5"/>
-<text text-anchor="start" x="1861.5" y="-501.3" font-family="Times,serif" font-size="14.00">&#45;j RETURN</text>
-<polygon fill="none" stroke="black" points="1725,-473.5 1725,-494.5 2065,-494.5 2065,-473.5 1725,-473.5"/>
-<text text-anchor="start" x="1885" y="-480.3" font-family="Times,serif" font-size="14.00">end</text>
+<!-- mangle_PREROUTING -->
+<g id="node15" class="node">
+<title>mangle_PREROUTING</title>
+<polygon fill="red" stroke="transparent" points="253.5,-541.07 253.5,-562.07 362.5,-562.07 362.5,-541.07 253.5,-541.07"/>
+<polygon fill="none" stroke="black" points="253.5,-541.07 253.5,-562.07 362.5,-562.07 362.5,-541.07 253.5,-541.07"/>
+<text text-anchor="start" x="256.5" y="-548.87" font-family="Times,serif" font-style="italic" font-size="14.00">PREROUTING</text>
+<polygon fill="tomato" stroke="transparent" points="253.5,-520.07 253.5,-541.07 362.5,-541.07 362.5,-520.07 253.5,-520.07"/>
+<polygon fill="none" stroke="black" points="253.5,-520.07 253.5,-541.07 362.5,-541.07 362.5,-520.07 253.5,-520.07"/>
+<text text-anchor="start" x="281.5" y="-527.87" font-family="Times,serif" font-style="italic" font-size="14.00">mangle</text>
+<polygon fill="white" stroke="transparent" points="253.5,-499.07 253.5,-520.07 362.5,-520.07 362.5,-499.07 253.5,-499.07"/>
+<polygon fill="none" stroke="black" points="253.5,-499.07 253.5,-520.07 362.5,-520.07 362.5,-499.07 253.5,-499.07"/>
+<text text-anchor="start" x="294.5" y="-505.87" font-family="Times,serif" font-size="14.00">end</text>
 </g>
-<!-- filter_DOCKERISOLATIONSTAGE2 -->
-<g id="node3" class="node"><title>filter_DOCKERISOLATIONSTAGE2</title>
-<polygon fill="none" stroke="black" points="2422,-561 2217,-561 2217,-448 2422,-448 2422,-561"/>
-<polygon fill="none" stroke="black" points="2225.5,-535.5 2225.5,-556.5 2414.5,-556.5 2414.5,-535.5 2225.5,-535.5"/>
-<text text-anchor="start" x="2228.5" y="-543.3" font-family="Times,serif" font-style="italic" font-size="14.00">DOCKER&#45;ISOLATION&#45;STAGE&#45;2</text>
-<polygon fill="none" stroke="black" points="2225.5,-514.5 2225.5,-535.5 2414.5,-535.5 2414.5,-514.5 2225.5,-514.5"/>
-<text text-anchor="start" x="2306.5" y="-522.3" font-family="Times,serif" font-style="italic" font-size="14.00">filter</text>
-<polygon fill="none" stroke="black" points="2225.5,-493.5 2225.5,-514.5 2414.5,-514.5 2414.5,-493.5 2225.5,-493.5"/>
-<text text-anchor="start" x="2264.5" y="-500.3" font-family="Times,serif" font-size="14.00">&#45;o docker0 &#45;j DROP</text>
-<polygon fill="none" stroke="black" points="2225.5,-472.5 2225.5,-493.5 2414.5,-493.5 2414.5,-472.5 2225.5,-472.5"/>
-<text text-anchor="start" x="2286.5" y="-479.3" font-family="Times,serif" font-size="14.00">&#45;j RETURN</text>
-<polygon fill="none" stroke="black" points="2225.5,-451.5 2225.5,-472.5 2414.5,-472.5 2414.5,-451.5 2225.5,-451.5"/>
-<text text-anchor="start" x="2310" y="-458.3" font-family="Times,serif" font-size="14.00">end</text>
+<!-- raw_PREROUTING&#45;&gt;mangle_PREROUTING -->
+<g id="edge8" class="edge">
+<title>raw_PREROUTING:end&#45;&gt;mangle_PREROUTING:begin</title>
+<path fill="none" stroke="red" d="M109,-530.07C169.5,-530.07 187.11,-530.07 242.91,-530.07"/>
+<polygon fill="red" stroke="red" points="243,-533.57 253,-530.07 243,-526.57 243,-533.57"/>
 </g>
-<!-- filter_DOCKERISOLATIONSTAGE1&#45;&gt;filter_DOCKERISOLATIONSTAGE2 -->
-<g id="edge1" class="edge"><title>filter_DOCKERISOLATIONSTAGE1:rule_0&#45;&gt;filter_DOCKERISOLATIONSTAGE2:begin</title>
-<path fill="none" stroke="black" d="M2066,-525.5C2132.87,-525.5 2152.13,-525.5 2214.16,-525.5"/>
-<polygon fill="black" stroke="black" points="2214.5,-529 2224.5,-525.5 2214.5,-522 2214.5,-529"/>
+<!-- raw_OUTPUT -->
+<g id="node2" class="node">
+<title>raw_OUTPUT</title>
+<polygon fill="red" stroke="transparent" points="2457,-456.07 2457,-477.07 2526,-477.07 2526,-456.07 2457,-456.07"/>
+<polygon fill="none" stroke="black" points="2457,-456.07 2457,-477.07 2526,-477.07 2526,-456.07 2457,-456.07"/>
+<text text-anchor="start" x="2460" y="-463.87" font-family="Times,serif" font-style="italic" font-size="14.00">OUTPUT</text>
+<polygon fill="tomato" stroke="transparent" points="2457,-435.07 2457,-456.07 2526,-456.07 2526,-435.07 2457,-435.07"/>
+<polygon fill="none" stroke="black" points="2457,-435.07 2457,-456.07 2526,-456.07 2526,-435.07 2457,-435.07"/>
+<text text-anchor="start" x="2477.5" y="-442.87" font-family="Times,serif" font-style="italic" font-size="14.00">raw</text>
+<polygon fill="white" stroke="transparent" points="2457,-414.07 2457,-435.07 2526,-435.07 2526,-414.07 2457,-414.07"/>
+<polygon fill="none" stroke="black" points="2457,-414.07 2457,-435.07 2526,-435.07 2526,-414.07 2457,-414.07"/>
+<text text-anchor="start" x="2478" y="-420.87" font-family="Times,serif" font-size="14.00">end</text>
 </g>
-<!-- filter_OUTPUT -->
-<g id="node4" class="node"><title>filter_OUTPUT</title>
-<polygon fill="none" stroke="black" points="3176.5,-124 3101.5,-124 3101.5,-53 3176.5,-53 3176.5,-124"/>
-<polygon fill="red" stroke="none" points="3110,-98.5 3110,-119.5 3169,-119.5 3169,-98.5 3110,-98.5"/>
-<polygon fill="none" stroke="black" points="3110,-98.5 3110,-119.5 3169,-119.5 3169,-98.5 3110,-98.5"/>
-<text text-anchor="start" x="3113" y="-106.3" font-family="Times,serif" font-style="italic" font-size="14.00">OUTPUT</text>
-<polygon fill="tomato" stroke="none" points="3110,-77.5 3110,-98.5 3169,-98.5 3169,-77.5 3110,-77.5"/>
-<polygon fill="none" stroke="black" points="3110,-77.5 3110,-98.5 3169,-98.5 3169,-77.5 3110,-77.5"/>
-<text text-anchor="start" x="3126" y="-85.3" font-family="Times,serif" font-style="italic" font-size="14.00">filter</text>
-<polygon fill="none" stroke="black" points="3110,-56.5 3110,-77.5 3169,-77.5 3169,-56.5 3110,-56.5"/>
-<text text-anchor="start" x="3129.5" y="-63.3" font-family="Times,serif" font-size="14.00">end</text>
+<!-- mangle_OUTPUT -->
+<g id="node17" class="node">
+<title>mangle_OUTPUT</title>
+<polygon fill="red" stroke="transparent" points="2756,-435.07 2756,-456.07 2825,-456.07 2825,-435.07 2756,-435.07"/>
+<polygon fill="none" stroke="black" points="2756,-435.07 2756,-456.07 2825,-456.07 2825,-435.07 2756,-435.07"/>
+<text text-anchor="start" x="2759" y="-442.87" font-family="Times,serif" font-style="italic" font-size="14.00">OUTPUT</text>
+<polygon fill="tomato" stroke="transparent" points="2756,-414.07 2756,-435.07 2825,-435.07 2825,-414.07 2756,-414.07"/>
+<polygon fill="none" stroke="black" points="2756,-414.07 2756,-435.07 2825,-435.07 2825,-414.07 2756,-414.07"/>
+<text text-anchor="start" x="2764" y="-421.87" font-family="Times,serif" font-style="italic" font-size="14.00">mangle</text>
+<polygon fill="white" stroke="transparent" points="2756,-393.07 2756,-414.07 2825,-414.07 2825,-393.07 2756,-393.07"/>
+<polygon fill="none" stroke="black" points="2756,-393.07 2756,-414.07 2825,-414.07 2825,-393.07 2756,-393.07"/>
+<text text-anchor="start" x="2777" y="-399.87" font-family="Times,serif" font-size="14.00">end</text>
 </g>
-<!-- mangle_POSTROUTING -->
-<g id="node12" class="node"><title>mangle_POSTROUTING</title>
-<polygon fill="none" stroke="black" points="3470,-223 3357,-223 3357,-152 3470,-152 3470,-223"/>
-<polygon fill="red" stroke="none" points="3365.5,-197.5 3365.5,-218.5 3462.5,-218.5 3462.5,-197.5 3365.5,-197.5"/>
-<polygon fill="none" stroke="black" points="3365.5,-197.5 3365.5,-218.5 3462.5,-218.5 3462.5,-197.5 3365.5,-197.5"/>
-<text text-anchor="start" x="3368.5" y="-205.3" font-family="Times,serif" font-style="italic" font-size="14.00">POSTROUTING</text>
-<polygon fill="tomato" stroke="none" points="3365.5,-176.5 3365.5,-197.5 3462.5,-197.5 3462.5,-176.5 3365.5,-176.5"/>
-<polygon fill="none" stroke="black" points="3365.5,-176.5 3365.5,-197.5 3462.5,-197.5 3462.5,-176.5 3365.5,-176.5"/>
-<text text-anchor="start" x="3394" y="-184.3" font-family="Times,serif" font-style="italic" font-size="14.00">mangle</text>
-<polygon fill="none" stroke="black" points="3365.5,-155.5 3365.5,-176.5 3462.5,-176.5 3462.5,-155.5 3365.5,-155.5"/>
-<text text-anchor="start" x="3404" y="-162.3" font-family="Times,serif" font-size="14.00">end</text>
-</g>
-<!-- filter_OUTPUT&#45;&gt;mangle_POSTROUTING -->
-<g id="edge16" class="edge"><title>filter_OUTPUT:end&#45;&gt;mangle_POSTROUTING:begin</title>
-<path fill="none" stroke="red" d="M3170,-66.5C3268.1,-66.5 3263.39,-178.437 3354.46,-186.089"/>
-<polygon fill="red" stroke="red" points="3354.37,-189.588 3364.5,-186.5 3354.65,-182.594 3354.37,-189.588"/>
+<!-- raw_OUTPUT&#45;&gt;mangle_OUTPUT -->
+<g id="edge14" class="edge">
+<title>raw_OUTPUT:end&#45;&gt;mangle_OUTPUT:begin</title>
+<path fill="none" stroke="red" d="M2527,-424.07C2624.87,-424.07 2651.85,-424.07 2744.87,-424.07"/>
+<polygon fill="red" stroke="red" points="2745,-427.57 2755,-424.07 2745,-420.57 2745,-427.57"/>
+</g>
+<!-- filter_INPUT -->
+<g id="node3" class="node">
+<title>filter_INPUT</title>
+<polygon fill="red" stroke="transparent" points="1406,-467.07 1406,-488.07 1460,-488.07 1460,-467.07 1406,-467.07"/>
+<polygon fill="none" stroke="black" points="1406,-467.07 1406,-488.07 1460,-488.07 1460,-467.07 1406,-467.07"/>
+<text text-anchor="start" x="1409" y="-474.87" font-family="Times,serif" font-style="italic" font-size="14.00">INPUT</text>
+<polygon fill="tomato" stroke="transparent" points="1406,-446.07 1406,-467.07 1460,-467.07 1460,-446.07 1406,-446.07"/>
+<polygon fill="none" stroke="black" points="1406,-446.07 1406,-467.07 1460,-467.07 1460,-446.07 1406,-446.07"/>
+<text text-anchor="start" x="1415" y="-453.87" font-family="Times,serif" font-style="italic" font-size="14.00">filter</text>
+<polygon fill="white" stroke="transparent" points="1406,-425.07 1406,-446.07 1460,-446.07 1460,-425.07 1406,-425.07"/>
+<polygon fill="none" stroke="black" points="1406,-425.07 1406,-446.07 1460,-446.07 1460,-425.07 1406,-425.07"/>
+<text text-anchor="start" x="1419.5" y="-431.87" font-family="Times,serif" font-size="14.00">end</text>
+</g>
+<!-- security_INPUT -->
+<g id="node20" class="node">
+<title>security_INPUT</title>
+<polygon fill="red" stroke="transparent" points="2000,-477.07 2000,-498.07 2064,-498.07 2064,-477.07 2000,-477.07"/>
+<polygon fill="none" stroke="black" points="2000,-477.07 2000,-498.07 2064,-498.07 2064,-477.07 2000,-477.07"/>
+<text text-anchor="start" x="2008" y="-484.87" font-family="Times,serif" font-style="italic" font-size="14.00">INPUT</text>
+<polygon fill="tomato" stroke="transparent" points="2000,-456.07 2000,-477.07 2064,-477.07 2064,-456.07 2000,-456.07"/>
+<polygon fill="none" stroke="black" points="2000,-456.07 2000,-477.07 2064,-477.07 2064,-456.07 2000,-456.07"/>
+<text text-anchor="start" x="2003" y="-463.87" font-family="Times,serif" font-style="italic" font-size="14.00">security</text>
+<polygon fill="white" stroke="transparent" points="2000,-435.07 2000,-456.07 2064,-456.07 2064,-435.07 2000,-435.07"/>
+<polygon fill="none" stroke="black" points="2000,-435.07 2000,-456.07 2064,-456.07 2064,-435.07 2000,-435.07"/>
+<text text-anchor="start" x="2018.5" y="-441.87" font-family="Times,serif" font-size="14.00">end</text>
+</g>
+<!-- filter_INPUT&#45;&gt;security_INPUT -->
+<g id="edge12" class="edge">
+<title>filter_INPUT:end&#45;&gt;security_INPUT:begin</title>
+<path fill="none" stroke="red" d="M1461,-435.07C1697.12,-435.07 1757.79,-465.19 1988.93,-466.05"/>
+<polygon fill="red" stroke="red" points="1988.99,-469.55 1999,-466.07 1989.01,-462.55 1988.99,-469.55"/>
+</g>
+<!-- filter_OUTPUT -->
+<g id="node4" class="node">
+<title>filter_OUTPUT</title>
+<polygon fill="red" stroke="transparent" points="3582,-307.07 3582,-328.07 3651,-328.07 3651,-307.07 3582,-307.07"/>
+<polygon fill="none" stroke="black" points="3582,-307.07 3582,-328.07 3651,-328.07 3651,-307.07 3582,-307.07"/>
+<text text-anchor="start" x="3585" y="-314.87" font-family="Times,serif" font-style="italic" font-size="14.00">OUTPUT</text>
+<polygon fill="tomato" stroke="transparent" points="3582,-286.07 3582,-307.07 3651,-307.07 3651,-286.07 3582,-286.07"/>
+<polygon fill="none" stroke="black" points="3582,-286.07 3582,-307.07 3651,-307.07 3651,-286.07 3582,-286.07"/>
+<text text-anchor="start" x="3598.5" y="-293.87" font-family="Times,serif" font-style="italic" font-size="14.00">filter</text>
+<polygon fill="white" stroke="transparent" points="3582,-265.07 3582,-286.07 3651,-286.07 3651,-265.07 3582,-265.07"/>
+<polygon fill="none" stroke="black" points="3582,-265.07 3582,-286.07 3651,-286.07 3651,-265.07 3582,-265.07"/>
+<text text-anchor="start" x="3603" y="-271.87" font-family="Times,serif" font-size="14.00">end</text>
+</g>
+<!-- security_OUTPUT -->
+<g id="node21" class="node">
+<title>security_OUTPUT</title>
+<polygon fill="red" stroke="transparent" points="3840.5,-254.07 3840.5,-275.07 3909.5,-275.07 3909.5,-254.07 3840.5,-254.07"/>
+<polygon fill="none" stroke="black" points="3840.5,-254.07 3840.5,-275.07 3909.5,-275.07 3909.5,-254.07 3840.5,-254.07"/>
+<text text-anchor="start" x="3843.5" y="-261.87" font-family="Times,serif" font-style="italic" font-size="14.00">OUTPUT</text>
+<polygon fill="tomato" stroke="transparent" points="3840.5,-233.07 3840.5,-254.07 3909.5,-254.07 3909.5,-233.07 3840.5,-233.07"/>
+<polygon fill="none" stroke="black" points="3840.5,-233.07 3840.5,-254.07 3909.5,-254.07 3909.5,-233.07 3840.5,-233.07"/>
+<text text-anchor="start" x="3846" y="-240.87" font-family="Times,serif" font-style="italic" font-size="14.00">security</text>
+<polygon fill="white" stroke="transparent" points="3840.5,-212.07 3840.5,-233.07 3909.5,-233.07 3909.5,-212.07 3840.5,-212.07"/>
+<polygon fill="none" stroke="black" points="3840.5,-212.07 3840.5,-233.07 3909.5,-233.07 3909.5,-212.07 3840.5,-212.07"/>
+<text text-anchor="start" x="3861.5" y="-218.87" font-family="Times,serif" font-size="14.00">end</text>
+</g>
+<!-- filter_OUTPUT&#45;&gt;security_OUTPUT -->
+<g id="edge17" class="edge">
+<title>filter_OUTPUT:end&#45;&gt;security_OUTPUT:begin</title>
+<path fill="none" stroke="red" d="M3652,-275.07C3733.28,-275.07 3753.61,-245.64 3829.9,-243.22"/>
+<polygon fill="red" stroke="red" points="3830.06,-246.72 3840,-243.07 3829.95,-239.72 3830.06,-246.72"/>
 </g>
 <!-- filter_FORWARD -->
-<g id="node5" class="node"><title>filter_FORWARD</title>
-<polygon fill="none" stroke="black" points="1573,-518 1141,-518 1141,-321 1573,-321 1573,-518"/>
-<polygon fill="red" stroke="none" points="1149,-492.5 1149,-513.5 1565,-513.5 1565,-492.5 1149,-492.5"/>
-<polygon fill="none" stroke="black" points="1149,-492.5 1149,-513.5 1565,-513.5 1565,-492.5 1149,-492.5"/>
-<text text-anchor="start" x="1324.5" y="-500.3" font-family="Times,serif" font-style="italic" font-size="14.00">FORWARD</text>
-<polygon fill="tomato" stroke="none" points="1149,-471.5 1149,-492.5 1565,-492.5 1565,-471.5 1149,-471.5"/>
-<polygon fill="none" stroke="black" points="1149,-471.5 1149,-492.5 1565,-492.5 1565,-471.5 1149,-471.5"/>
-<text text-anchor="start" x="1343.5" y="-479.3" font-family="Times,serif" font-style="italic" font-size="14.00">filter</text>
-<polygon fill="none" stroke="black" points="1149,-450.5 1149,-471.5 1565,-471.5 1565,-450.5 1149,-450.5"/>
-<text text-anchor="start" x="1303.5" y="-457.3" font-family="Times,serif" font-size="14.00">&#45;j DOCKER&#45;USER</text>
-<polygon fill="none" stroke="black" points="1149,-429.5 1149,-450.5 1565,-450.5 1565,-429.5 1149,-429.5"/>
-<text text-anchor="start" x="1255" y="-436.3" font-family="Times,serif" font-size="14.00">&#45;j DOCKER&#45;ISOLATION&#45;STAGE&#45;1</text>
-<polygon fill="none" stroke="black" points="1149,-408.5 1149,-429.5 1565,-429.5 1565,-408.5 1149,-408.5"/>
-<text text-anchor="start" x="1152" y="-415.3" font-family="Times,serif" font-size="14.00">&#45;o docker0 &#45;m conntrack &#45;&#45;ctstate RELATED,ESTABLISHED &#45;j ACCEPT</text>
-<polygon fill="none" stroke="black" points="1149,-387.5 1149,-408.5 1565,-408.5 1565,-387.5 1149,-387.5"/>
-<text text-anchor="start" x="1292" y="-394.3" font-family="Times,serif" font-size="14.00">&#45;o docker0 &#45;j DOCKER</text>
-<polygon fill="none" stroke="black" points="1149,-366.5 1149,-387.5 1565,-387.5 1565,-366.5 1149,-366.5"/>
-<text text-anchor="start" x="1260" y="-373.3" font-family="Times,serif" font-size="14.00">&#45;i docker0 ! &#45;o docker0 &#45;j ACCEPT</text>
-<polygon fill="none" stroke="black" points="1149,-345.5 1149,-366.5 1565,-366.5 1565,-345.5 1149,-345.5"/>
-<text text-anchor="start" x="1264" y="-352.3" font-family="Times,serif" font-size="14.00">&#45;i docker0 &#45;o docker0 &#45;j ACCEPT</text>
-<polygon fill="none" stroke="black" points="1149,-324.5 1149,-345.5 1565,-345.5 1565,-324.5 1149,-324.5"/>
-<text text-anchor="start" x="1347" y="-331.3" font-family="Times,serif" font-size="14.00">end</text>
+<g id="node5" class="node">
+<title>filter_FORWARD</title>
+<polygon fill="red" stroke="transparent" points="1180,-299.07 1180,-320.07 1686,-320.07 1686,-299.07 1180,-299.07"/>
+<polygon fill="none" stroke="black" points="1180,-299.07 1180,-320.07 1686,-320.07 1686,-299.07 1180,-299.07"/>
+<text text-anchor="start" x="1394" y="-306.87" font-family="Times,serif" font-style="italic" font-size="14.00">FORWARD</text>
+<polygon fill="tomato" stroke="transparent" points="1180,-278.07 1180,-299.07 1686,-299.07 1686,-278.07 1180,-278.07"/>
+<polygon fill="none" stroke="black" points="1180,-278.07 1180,-299.07 1686,-299.07 1686,-278.07 1180,-278.07"/>
+<text text-anchor="start" x="1415" y="-285.87" font-family="Times,serif" font-style="italic" font-size="14.00">filter</text>
+<polygon fill="darkgrey" stroke="transparent" points="1180,-257.07 1180,-278.07 1686,-278.07 1686,-257.07 1180,-257.07"/>
+<polygon fill="none" stroke="black" points="1180,-257.07 1180,-278.07 1686,-278.07 1686,-257.07 1180,-257.07"/>
+<text text-anchor="start" x="1370" y="-263.87" font-family="Times,serif" font-size="14.00">&#45;j DOCKER&#45;USER</text>
+<polygon fill="darkgrey" stroke="transparent" points="1180,-236.07 1180,-257.07 1686,-257.07 1686,-236.07 1180,-236.07"/>
+<polygon fill="none" stroke="black" points="1180,-236.07 1180,-257.07 1686,-257.07 1686,-236.07 1180,-236.07"/>
+<text text-anchor="start" x="1316" y="-242.87" font-family="Times,serif" font-size="14.00">&#45;j DOCKER&#45;ISOLATION&#45;STAGE&#45;1</text>
+<polygon fill="darkgrey" stroke="transparent" points="1180,-215.07 1180,-236.07 1686,-236.07 1686,-215.07 1180,-215.07"/>
+<polygon fill="none" stroke="black" points="1180,-215.07 1180,-236.07 1686,-236.07 1686,-215.07 1180,-215.07"/>
+<text text-anchor="start" x="1183" y="-221.87" font-family="Times,serif" font-size="14.00">&#45;o docker0 &#45;m conntrack &#45;&#45;ctstate RELATED,ESTABLISHED &#45;j ACCEPT</text>
+<polygon fill="darkgrey" stroke="transparent" points="1180,-194.07 1180,-215.07 1686,-215.07 1686,-194.07 1180,-194.07"/>
+<polygon fill="none" stroke="black" points="1180,-194.07 1180,-215.07 1686,-215.07 1686,-194.07 1180,-194.07"/>
+<text text-anchor="start" x="1354.5" y="-200.87" font-family="Times,serif" font-size="14.00">&#45;o docker0 &#45;j DOCKER</text>
+<polygon fill="darkgrey" stroke="transparent" points="1180,-173.07 1180,-194.07 1686,-194.07 1686,-173.07 1180,-173.07"/>
+<polygon fill="none" stroke="black" points="1180,-173.07 1180,-194.07 1686,-194.07 1686,-173.07 1180,-173.07"/>
+<text text-anchor="start" x="1314" y="-179.87" font-family="Times,serif" font-size="14.00">&#45;i docker0 ! &#45;o docker0 &#45;j ACCEPT</text>
+<polygon fill="darkgrey" stroke="transparent" points="1180,-152.07 1180,-173.07 1686,-173.07 1686,-152.07 1180,-152.07"/>
+<polygon fill="none" stroke="black" points="1180,-152.07 1180,-173.07 1686,-173.07 1686,-152.07 1180,-152.07"/>
+<text text-anchor="start" x="1319" y="-158.87" font-family="Times,serif" font-size="14.00">&#45;i docker0 &#45;o docker0 &#45;j ACCEPT</text>
+<polygon fill="white" stroke="transparent" points="1180,-131.07 1180,-152.07 1686,-152.07 1686,-131.07 1180,-131.07"/>
+<polygon fill="none" stroke="black" points="1180,-131.07 1180,-152.07 1686,-152.07 1686,-131.07 1180,-131.07"/>
+<text text-anchor="start" x="1419.5" y="-137.87" font-family="Times,serif" font-size="14.00">end</text>
+</g>
+<!-- filter_DOCKERUSER -->
+<g id="node6" class="node">
+<title>filter_DOCKERUSER</title>
+<polygon fill="white" stroke="transparent" points="1973,-378.07 1973,-399.07 2091,-399.07 2091,-378.07 1973,-378.07"/>
+<polygon fill="none" stroke="black" points="1973,-378.07 1973,-399.07 2091,-399.07 2091,-378.07 1973,-378.07"/>
+<text text-anchor="start" x="1976" y="-385.87" font-family="Times,serif" font-style="italic" font-size="14.00">DOCKER&#45;USER</text>
+<polygon fill="white" stroke="transparent" points="1973,-357.07 1973,-378.07 2091,-378.07 2091,-357.07 1973,-357.07"/>
+<polygon fill="none" stroke="black" points="1973,-357.07 1973,-378.07 2091,-378.07 2091,-357.07 1973,-357.07"/>
+<text text-anchor="start" x="2014" y="-364.87" font-family="Times,serif" font-style="italic" font-size="14.00">filter</text>
+<polygon fill="darkgrey" stroke="transparent" points="1973,-336.07 1973,-357.07 2091,-357.07 2091,-336.07 1973,-336.07"/>
+<polygon fill="none" stroke="black" points="1973,-336.07 1973,-357.07 2091,-357.07 2091,-336.07 1973,-336.07"/>
+<text text-anchor="start" x="1992.5" y="-342.87" font-family="Times,serif" font-size="14.00">&#45;j RETURN</text>
+<polygon fill="white" stroke="transparent" points="1973,-315.07 1973,-336.07 2091,-336.07 2091,-315.07 1973,-315.07"/>
+<polygon fill="none" stroke="black" points="1973,-315.07 1973,-336.07 2091,-336.07 2091,-315.07 1973,-315.07"/>
+<text text-anchor="start" x="2018.5" y="-321.87" font-family="Times,serif" font-size="14.00">end</text>
 </g>
 <!-- filter_FORWARD&#45;&gt;filter_DOCKERUSER -->
-<g id="edge2" class="edge"><title>filter_FORWARD:rule_0&#45;&gt;filter_DOCKERUSER:begin</title>
-<path fill="none" stroke="black" d="M1566,-461.5C1657.52,-461.5 1643.53,-546.933 1717,-601.5 1767.04,-638.664 1777.93,-672.586 1834.68,-676.185"/>
-<polygon fill="black" stroke="black" points="1834.9,-679.693 1845,-676.5 1835.11,-672.697 1834.9,-679.693"/>
+<g id="edge1" class="edge">
+<title>filter_FORWARD:rule_0&#45;&gt;filter_DOCKERUSER:begin</title>
+<path fill="none" stroke="white" d="M1686,-268.07C1817.24,-268.07 1836.42,-363.05 1961.97,-367.88"/>
+<polygon fill="white" stroke="white" points="1961.94,-371.38 1972,-368.07 1962.07,-364.38 1961.94,-371.38"/>
+</g>
+<!-- filter_DOCKERISOLATIONSTAGE1 -->
+<g id="node7" class="node">
+<title>filter_DOCKERISOLATIONSTAGE1</title>
+<polygon fill="white" stroke="transparent" points="1830,-257.07 1830,-278.07 2234,-278.07 2234,-257.07 1830,-257.07"/>
+<polygon fill="none" stroke="black" points="1830,-257.07 1830,-278.07 2234,-278.07 2234,-257.07 1830,-257.07"/>
+<text text-anchor="start" x="1922" y="-264.87" font-family="Times,serif" font-style="italic" font-size="14.00">DOCKER&#45;ISOLATION&#45;STAGE&#45;1</text>
+<polygon fill="white" stroke="transparent" points="1830,-236.07 1830,-257.07 2234,-257.07 2234,-236.07 1830,-236.07"/>
+<polygon fill="none" stroke="black" points="1830,-236.07 1830,-257.07 2234,-257.07 2234,-236.07 1830,-236.07"/>
+<text text-anchor="start" x="2014" y="-243.87" font-family="Times,serif" font-style="italic" font-size="14.00">filter</text>
+<polygon fill="darkgrey" stroke="transparent" points="1830,-215.07 1830,-236.07 2234,-236.07 2234,-215.07 1830,-215.07"/>
+<polygon fill="none" stroke="black" points="1830,-215.07 1830,-236.07 2234,-236.07 2234,-215.07 1830,-215.07"/>
+<text text-anchor="start" x="1833" y="-221.87" font-family="Times,serif" font-size="14.00">&#45;i docker0 ! &#45;o docker0 &#45;j DOCKER&#45;ISOLATION&#45;STAGE&#45;2</text>
+<polygon fill="darkgrey" stroke="transparent" points="1830,-194.07 1830,-215.07 2234,-215.07 2234,-194.07 1830,-194.07"/>
+<polygon fill="none" stroke="black" points="1830,-194.07 1830,-215.07 2234,-215.07 2234,-194.07 1830,-194.07"/>
+<text text-anchor="start" x="1992.5" y="-200.87" font-family="Times,serif" font-size="14.00">&#45;j RETURN</text>
+<polygon fill="white" stroke="transparent" points="1830,-173.07 1830,-194.07 2234,-194.07 2234,-173.07 1830,-173.07"/>
+<polygon fill="none" stroke="black" points="1830,-173.07 1830,-194.07 2234,-194.07 2234,-173.07 1830,-173.07"/>
+<text text-anchor="start" x="2018.5" y="-179.87" font-family="Times,serif" font-size="14.00">end</text>
 </g>
 <!-- filter_FORWARD&#45;&gt;filter_DOCKERISOLATIONSTAGE1 -->
-<g id="edge3" class="edge"><title>filter_FORWARD:rule_1&#45;&gt;filter_DOCKERISOLATIONSTAGE1:begin</title>
-<path fill="none" stroke="black" d="M1566,-440.5C1647.17,-440.5 1640.01,-538.502 1713.59,-546.924"/>
-<polygon fill="black" stroke="black" points="1713.82,-550.443 1724,-547.5 1714.21,-543.453 1713.82,-550.443"/>
+<g id="edge2" class="edge">
+<title>filter_FORWARD:rule_1&#45;&gt;filter_DOCKERISOLATIONSTAGE1:begin</title>
+<path fill="none" stroke="white" d="M1686,-247.07C1746.5,-247.07 1764.11,-247.07 1819.91,-247.07"/>
+<polygon fill="white" stroke="white" points="1820,-250.57 1830,-247.07 1820,-243.57 1820,-250.57"/>
 </g>
 <!-- filter_DOCKER -->
-<g id="node7" class="node"><title>filter_DOCKER</title>
-<polygon fill="none" stroke="black" points="1933.5,-434 1856.5,-434 1856.5,-363 1933.5,-363 1933.5,-434"/>
-<polygon fill="none" stroke="black" points="1865,-408.5 1865,-429.5 1926,-429.5 1926,-408.5 1865,-408.5"/>
-<text text-anchor="start" x="1868" y="-416.3" font-family="Times,serif" font-style="italic" font-size="14.00">DOCKER</text>
-<polygon fill="none" stroke="black" points="1865,-387.5 1865,-408.5 1926,-408.5 1926,-387.5 1865,-387.5"/>
-<text text-anchor="start" x="1882" y="-395.3" font-family="Times,serif" font-style="italic" font-size="14.00">filter</text>
-<polygon fill="none" stroke="black" points="1865,-366.5 1865,-387.5 1926,-387.5 1926,-366.5 1865,-366.5"/>
-<text text-anchor="start" x="1885.5" y="-373.3" font-family="Times,serif" font-size="14.00">end</text>
+<g id="node8" class="node">
+<title>filter_DOCKER</title>
+<polygon fill="white" stroke="transparent" points="1997,-116.07 1997,-137.07 2068,-137.07 2068,-116.07 1997,-116.07"/>
+<polygon fill="none" stroke="black" points="1997,-116.07 1997,-137.07 2068,-137.07 2068,-116.07 1997,-116.07"/>
+<text text-anchor="start" x="2000" y="-123.87" font-family="Times,serif" font-style="italic" font-size="14.00">DOCKER</text>
+<polygon fill="white" stroke="transparent" points="1997,-95.07 1997,-116.07 2068,-116.07 2068,-95.07 1997,-95.07"/>
+<polygon fill="none" stroke="black" points="1997,-95.07 1997,-116.07 2068,-116.07 2068,-95.07 1997,-95.07"/>
+<text text-anchor="start" x="2014.5" y="-102.87" font-family="Times,serif" font-style="italic" font-size="14.00">filter</text>
+<polygon fill="white" stroke="transparent" points="1997,-74.07 1997,-95.07 2068,-95.07 2068,-74.07 1997,-74.07"/>
+<polygon fill="none" stroke="black" points="1997,-74.07 1997,-95.07 2068,-95.07 2068,-74.07 1997,-74.07"/>
+<text text-anchor="start" x="2019" y="-80.87" font-family="Times,serif" font-size="14.00">end</text>
 </g>
 <!-- filter_FORWARD&#45;&gt;filter_DOCKER -->
-<g id="edge4" class="edge"><title>filter_FORWARD:rule_3&#45;&gt;filter_DOCKER:begin</title>
-<path fill="none" stroke="black" d="M1566,-397.5C1694.95,-397.5 1729.74,-397.5 1853.73,-397.5"/>
-<polygon fill="black" stroke="black" points="1854,-401 1864,-397.5 1854,-394 1854,-401"/>
-</g>
-<!-- filter_FORWARD&#45;&gt;mangle_POSTROUTING -->
-<g id="edge20" class="edge"><title>filter_FORWARD:end&#45;&gt;mangle_POSTROUTING:begin</title>
-<path fill="none" stroke="red" d="M1566,-334.5C1900.66,-334.5 1983.84,-307.5 2318.5,-307.5 2318.5,-307.5 2318.5,-307.5 2744.5,-307.5 2953.37,-307.5 3013,-330.734 3213,-270.5 3283.26,-249.338 3287.28,-192.207 3354.16,-186.897"/>
-<polygon fill="red" stroke="red" points="3354.64,-190.381 3364.5,-186.5 3354.37,-183.386 3354.64,-190.381"/>
+<g id="edge3" class="edge">
+<title>filter_FORWARD:rule_3&#45;&gt;filter_DOCKER:begin</title>
+<path fill="none" stroke="white" d="M1686,-204.07C1753.6,-204.07 1765.62,-175.71 1830,-155.07 1900.08,-132.6 1917.43,-107.44 1985.98,-105.22"/>
+<polygon fill="white" stroke="white" points="1986.06,-108.72 1996,-105.07 1985.95,-101.72 1986.06,-108.72"/>
+</g>
+<!-- security_FORWARD -->
+<g id="node22" class="node">
+<title>security_FORWARD</title>
+<polygon fill="red" stroke="transparent" points="2748,-46.07 2748,-67.07 2832,-67.07 2832,-46.07 2748,-46.07"/>
+<polygon fill="none" stroke="black" points="2748,-46.07 2748,-67.07 2832,-67.07 2832,-46.07 2748,-46.07"/>
+<text text-anchor="start" x="2751" y="-53.87" font-family="Times,serif" font-style="italic" font-size="14.00">FORWARD</text>
+<polygon fill="tomato" stroke="transparent" points="2748,-25.07 2748,-46.07 2832,-46.07 2832,-25.07 2748,-25.07"/>
+<polygon fill="none" stroke="black" points="2748,-25.07 2748,-46.07 2832,-46.07 2832,-25.07 2748,-25.07"/>
+<text text-anchor="start" x="2761" y="-32.87" font-family="Times,serif" font-style="italic" font-size="14.00">security</text>
+<polygon fill="white" stroke="transparent" points="2748,-4.07 2748,-25.07 2832,-25.07 2832,-4.07 2748,-4.07"/>
+<polygon fill="none" stroke="black" points="2748,-4.07 2748,-25.07 2832,-25.07 2832,-4.07 2748,-4.07"/>
+<text text-anchor="start" x="2776.5" y="-10.87" font-family="Times,serif" font-size="14.00">end</text>
+</g>
+<!-- filter_FORWARD&#45;&gt;security_FORWARD -->
+<g id="edge22" class="edge">
+<title>filter_FORWARD:end&#45;&gt;security_FORWARD:begin</title>
+<path fill="none" stroke="red" d="M1686,-141.07C1760.32,-141.07 1758.54,-76.47 1830,-56.07 2219.17,55.02 2337.92,-33.57 2737.9,-35.05"/>
+<polygon fill="red" stroke="red" points="2737.99,-38.55 2748,-35.07 2738.01,-31.55 2737.99,-38.55"/>
 </g>
-<!-- filter_INPUT -->
-<g id="node6" class="node"><title>filter_INPUT</title>
-<polygon fill="none" stroke="black" points="1388,-114 1326,-114 1326,-43 1388,-43 1388,-114"/>
-<polygon fill="red" stroke="none" points="1334,-88.5 1334,-109.5 1380,-109.5 1380,-88.5 1334,-88.5"/>
-<polygon fill="none" stroke="black" points="1334,-88.5 1334,-109.5 1380,-109.5 1380,-88.5 1334,-88.5"/>
-<text text-anchor="start" x="1337" y="-96.3" font-family="Times,serif" font-style="italic" font-size="14.00">INPUT</text>
-<polygon fill="tomato" stroke="none" points="1334,-67.5 1334,-88.5 1380,-88.5 1380,-67.5 1334,-67.5"/>
-<polygon fill="none" stroke="black" points="1334,-67.5 1334,-88.5 1380,-88.5 1380,-67.5 1334,-67.5"/>
-<text text-anchor="start" x="1343.5" y="-75.3" font-family="Times,serif" font-style="italic" font-size="14.00">filter</text>
-<polygon fill="none" stroke="black" points="1334,-46.5 1334,-67.5 1380,-67.5 1380,-46.5 1334,-46.5"/>
-<text text-anchor="start" x="1347" y="-53.3" font-family="Times,serif" font-size="14.00">end</text>
+<!-- filter_DOCKERISOLATIONSTAGE2 -->
+<g id="node9" class="node">
+<title>filter_DOCKERISOLATIONSTAGE2</title>
+<polygon fill="white" stroke="transparent" points="2378,-235.07 2378,-256.07 2604,-256.07 2604,-235.07 2378,-235.07"/>
+<polygon fill="none" stroke="black" points="2378,-235.07 2378,-256.07 2604,-256.07 2604,-235.07 2378,-235.07"/>
+<text text-anchor="start" x="2381" y="-242.87" font-family="Times,serif" font-style="italic" font-size="14.00">DOCKER&#45;ISOLATION&#45;STAGE&#45;2</text>
+<polygon fill="white" stroke="transparent" points="2378,-214.07 2378,-235.07 2604,-235.07 2604,-214.07 2378,-214.07"/>
+<polygon fill="none" stroke="black" points="2378,-214.07 2378,-235.07 2604,-235.07 2604,-214.07 2378,-214.07"/>
+<text text-anchor="start" x="2473" y="-221.87" font-family="Times,serif" font-style="italic" font-size="14.00">filter</text>
+<polygon fill="darkgrey" stroke="transparent" points="2378,-193.07 2378,-214.07 2604,-214.07 2604,-193.07 2378,-193.07"/>
+<polygon fill="none" stroke="black" points="2378,-193.07 2378,-214.07 2604,-214.07 2604,-193.07 2378,-193.07"/>
+<text text-anchor="start" x="2423" y="-199.87" font-family="Times,serif" font-size="14.00">&#45;o docker0 &#45;j DROP</text>
+<polygon fill="darkgrey" stroke="transparent" points="2378,-172.07 2378,-193.07 2604,-193.07 2604,-172.07 2378,-172.07"/>
+<polygon fill="none" stroke="black" points="2378,-172.07 2378,-193.07 2604,-193.07 2604,-172.07 2378,-172.07"/>
+<text text-anchor="start" x="2451.5" y="-178.87" font-family="Times,serif" font-size="14.00">&#45;j RETURN</text>
+<polygon fill="white" stroke="transparent" points="2378,-151.07 2378,-172.07 2604,-172.07 2604,-151.07 2378,-151.07"/>
+<polygon fill="none" stroke="black" points="2378,-151.07 2378,-172.07 2604,-172.07 2604,-151.07 2378,-151.07"/>
+<text text-anchor="start" x="2477.5" y="-157.87" font-family="Times,serif" font-size="14.00">end</text>
 </g>
-<!-- raw_OUTPUT -->
-<g id="node8" class="node"><title>raw_OUTPUT</title>
-<polygon fill="none" stroke="black" points="1932.5,-136 1857.5,-136 1857.5,-65 1932.5,-65 1932.5,-136"/>
-<polygon fill="red" stroke="none" points="1866,-110.5 1866,-131.5 1925,-131.5 1925,-110.5 1866,-110.5"/>
-<polygon fill="none" stroke="black" points="1866,-110.5 1866,-131.5 1925,-131.5 1925,-110.5 1866,-110.5"/>
-<text text-anchor="start" x="1869" y="-118.3" font-family="Times,serif" font-style="italic" font-size="14.00">OUTPUT</text>
-<polygon fill="tomato" stroke="none" points="1866,-89.5 1866,-110.5 1925,-110.5 1925,-89.5 1866,-89.5"/>
-<polygon fill="none" stroke="black" points="1866,-89.5 1866,-110.5 1925,-110.5 1925,-89.5 1866,-89.5"/>
-<text text-anchor="start" x="1884.5" y="-97.3" font-family="Times,serif" font-style="italic" font-size="14.00">raw</text>
-<polygon fill="none" stroke="black" points="1866,-68.5 1866,-89.5 1925,-89.5 1925,-68.5 1866,-68.5"/>
-<text text-anchor="start" x="1885.5" y="-75.3" font-family="Times,serif" font-size="14.00">end</text>
-</g>
-<!-- filter_INPUT&#45;&gt;raw_OUTPUT -->
-<g id="edge12" class="edge"><title>filter_INPUT:end&#45;&gt;raw_OUTPUT:begin</title>
-<path fill="none" stroke="red" d="M1381,-56.5C1593.58,-56.5 1647.37,-98.1667 1855,-99.4688"/>
-<polygon fill="red" stroke="red" points="1854.99,-102.969 1865,-99.5 1855.01,-95.9688 1854.99,-102.969"/>
+<!-- filter_DOCKERISOLATIONSTAGE1&#45;&gt;filter_DOCKERISOLATIONSTAGE2 -->
+<g id="edge4" class="edge">
+<title>filter_DOCKERISOLATIONSTAGE1:rule_0&#45;&gt;filter_DOCKERISOLATIONSTAGE2:begin</title>
+<path fill="none" stroke="white" d="M2234,-225.07C2294.5,-225.07 2312.11,-225.07 2367.91,-225.07"/>
+<polygon fill="white" stroke="white" points="2368,-228.57 2378,-225.07 2368,-221.57 2368,-228.57"/>
 </g>
-<!-- mangle_OUTPUT -->
-<g id="node14" class="node"><title>mangle_OUTPUT</title>
-<polygon fill="none" stroke="black" points="2357,-147 2282,-147 2282,-76 2357,-76 2357,-147"/>
-<polygon fill="red" stroke="none" points="2290.5,-121.5 2290.5,-142.5 2349.5,-142.5 2349.5,-121.5 2290.5,-121.5"/>
-<polygon fill="none" stroke="black" points="2290.5,-121.5 2290.5,-142.5 2349.5,-142.5 2349.5,-121.5 2290.5,-121.5"/>
-<text text-anchor="start" x="2293.5" y="-129.3" font-family="Times,serif" font-style="italic" font-size="14.00">OUTPUT</text>
-<polygon fill="tomato" stroke="none" points="2290.5,-100.5 2290.5,-121.5 2349.5,-121.5 2349.5,-100.5 2290.5,-100.5"/>
-<polygon fill="none" stroke="black" points="2290.5,-100.5 2290.5,-121.5 2349.5,-121.5 2349.5,-100.5 2290.5,-100.5"/>
-<text text-anchor="start" x="2300" y="-108.3" font-family="Times,serif" font-style="italic" font-size="14.00">mangle</text>
-<polygon fill="none" stroke="black" points="2290.5,-79.5 2290.5,-100.5 2349.5,-100.5 2349.5,-79.5 2290.5,-79.5"/>
-<text text-anchor="start" x="2310" y="-86.3" font-family="Times,serif" font-size="14.00">end</text>
+<!-- nat_PREROUTING -->
+<g id="node10" class="node">
+<title>nat_PREROUTING</title>
+<polygon fill="red" stroke="transparent" points="506,-519.07 506,-540.07 808,-540.07 808,-519.07 506,-519.07"/>
+<polygon fill="none" stroke="black" points="506,-519.07 506,-540.07 808,-540.07 808,-519.07 506,-519.07"/>
+<text text-anchor="start" x="605.5" y="-526.87" font-family="Times,serif" font-style="italic" font-size="14.00">PREROUTING</text>
+<polygon fill="tomato" stroke="transparent" points="506,-498.07 506,-519.07 808,-519.07 808,-498.07 506,-498.07"/>
+<polygon fill="none" stroke="black" points="506,-498.07 506,-519.07 808,-519.07 808,-498.07 506,-498.07"/>
+<text text-anchor="start" x="645" y="-505.87" font-family="Times,serif" font-style="italic" font-size="14.00">nat</text>
+<polygon fill="darkgrey" stroke="transparent" points="506,-477.07 506,-498.07 808,-498.07 808,-477.07 506,-477.07"/>
+<polygon fill="none" stroke="black" points="506,-477.07 506,-498.07 808,-498.07 808,-477.07 506,-477.07"/>
+<text text-anchor="start" x="509" y="-483.87" font-family="Times,serif" font-size="14.00">&#45;m addrtype &#45;&#45;dst&#45;type LOCAL &#45;j DOCKER</text>
+<polygon fill="white" stroke="transparent" points="506,-456.07 506,-477.07 808,-477.07 808,-456.07 506,-456.07"/>
+<polygon fill="none" stroke="black" points="506,-456.07 506,-477.07 808,-477.07 808,-456.07 506,-456.07"/>
+<text text-anchor="start" x="643.5" y="-462.87" font-family="Times,serif" font-size="14.00">end</text>
 </g>
-<!-- raw_OUTPUT&#45;&gt;mangle_OUTPUT -->
-<g id="edge13" class="edge"><title>raw_OUTPUT:end&#45;&gt;mangle_OUTPUT:begin</title>
-<path fill="none" stroke="red" d="M1926,-78.5C2084.7,-78.5 2125.58,-109.14 2279.21,-110.456"/>
-<polygon fill="red" stroke="red" points="2279.49,-113.957 2289.5,-110.5 2279.51,-106.957 2279.49,-113.957"/>
+<!-- nat_DOCKER -->
+<g id="node13" class="node">
+<title>nat_DOCKER</title>
+<polygon fill="white" stroke="transparent" points="3536,-528.07 3536,-549.07 3696,-549.07 3696,-528.07 3536,-528.07"/>
+<polygon fill="none" stroke="black" points="3536,-528.07 3536,-549.07 3696,-549.07 3696,-528.07 3536,-528.07"/>
+<text text-anchor="start" x="3583.5" y="-535.87" font-family="Times,serif" font-style="italic" font-size="14.00">DOCKER</text>
+<polygon fill="white" stroke="transparent" points="3536,-507.07 3536,-528.07 3696,-528.07 3696,-507.07 3536,-507.07"/>
+<polygon fill="none" stroke="black" points="3536,-507.07 3536,-528.07 3696,-528.07 3696,-507.07 3536,-507.07"/>
+<text text-anchor="start" x="3604" y="-514.87" font-family="Times,serif" font-style="italic" font-size="14.00">nat</text>
+<polygon fill="darkgrey" stroke="transparent" points="3536,-486.07 3536,-507.07 3696,-507.07 3696,-486.07 3536,-486.07"/>
+<polygon fill="none" stroke="black" points="3536,-486.07 3536,-507.07 3696,-507.07 3696,-486.07 3536,-486.07"/>
+<text text-anchor="start" x="3539" y="-492.87" font-family="Times,serif" font-size="14.00">&#45;i docker0 &#45;j RETURN</text>
+<polygon fill="white" stroke="transparent" points="3536,-465.07 3536,-486.07 3696,-486.07 3696,-465.07 3536,-465.07"/>
+<polygon fill="none" stroke="black" points="3536,-465.07 3536,-486.07 3696,-486.07 3696,-465.07 3536,-465.07"/>
+<text text-anchor="start" x="3602.5" y="-471.87" font-family="Times,serif" font-size="14.00">end</text>
 </g>
-<!-- raw_PREROUTING -->
-<g id="node9" class="node"><title>raw_PREROUTING</title>
-<polygon fill="none" stroke="black" points="106,-263 7.10543e-15,-263 7.10543e-15,-192 106,-192 106,-263"/>
-<polygon fill="red" stroke="none" points="8,-237.5 8,-258.5 98,-258.5 98,-237.5 8,-237.5"/>
-<polygon fill="none" stroke="black" points="8,-237.5 8,-258.5 98,-258.5 98,-237.5 8,-237.5"/>
-<text text-anchor="start" x="11" y="-245.3" font-family="Times,serif" font-style="italic" font-size="14.00">PREROUTING</text>
-<polygon fill="tomato" stroke="none" points="8,-216.5 8,-237.5 98,-237.5 98,-216.5 8,-216.5"/>
-<polygon fill="none" stroke="black" points="8,-216.5 8,-237.5 98,-237.5 98,-216.5 8,-216.5"/>
-<text text-anchor="start" x="42" y="-224.3" font-family="Times,serif" font-style="italic" font-size="14.00">raw</text>
-<polygon fill="none" stroke="black" points="8,-195.5 8,-216.5 98,-216.5 98,-195.5 8,-195.5"/>
-<text text-anchor="start" x="43" y="-202.3" font-family="Times,serif" font-size="14.00">end</text>
+<!-- nat_PREROUTING&#45;&gt;nat_DOCKER -->
+<g id="edge5" class="edge">
+<title>nat_PREROUTING:rule_0&#45;&gt;nat_DOCKER:begin</title>
+<path fill="none" stroke="white" d="M808,-487.07C873.37,-487.07 887.28,-507.87 952,-517.07 1163.84,-547.17 1218.03,-554.07 1432,-554.07 1432,-554.07 1432,-554.07 2791,-554.07 3119.1,-554.07 3202.79,-518.8 3525.88,-518.08"/>
+<polygon fill="white" stroke="white" points="3526,-521.58 3536,-518.07 3526,-514.58 3526,-521.58"/>
 </g>
-<!-- mangle_PREROUTING -->
-<g id="node13" class="node"><title>mangle_PREROUTING</title>
-<polygon fill="none" stroke="black" points="356,-242 250,-242 250,-171 356,-171 356,-242"/>
-<polygon fill="red" stroke="none" points="258,-216.5 258,-237.5 348,-237.5 348,-216.5 258,-216.5"/>
-<polygon fill="none" stroke="black" points="258,-216.5 258,-237.5 348,-237.5 348,-216.5 258,-216.5"/>
-<text text-anchor="start" x="261" y="-224.3" font-family="Times,serif" font-style="italic" font-size="14.00">PREROUTING</text>
-<polygon fill="tomato" stroke="none" points="258,-195.5 258,-216.5 348,-216.5 348,-195.5 258,-195.5"/>
-<polygon fill="none" stroke="black" points="258,-195.5 258,-216.5 348,-216.5 348,-195.5 258,-195.5"/>
-<text text-anchor="start" x="283" y="-203.3" font-family="Times,serif" font-style="italic" font-size="14.00">mangle</text>
-<polygon fill="none" stroke="black" points="258,-174.5 258,-195.5 348,-195.5 348,-174.5 258,-174.5"/>
-<text text-anchor="start" x="293" y="-181.3" font-family="Times,serif" font-size="14.00">end</text>
+<!-- mangle_INPUT -->
+<g id="node16" class="node">
+<title>mangle_INPUT</title>
+<polygon fill="red" stroke="transparent" points="965,-477.07 965,-498.07 1024,-498.07 1024,-477.07 965,-477.07"/>
+<polygon fill="none" stroke="black" points="965,-477.07 965,-498.07 1024,-498.07 1024,-477.07 965,-477.07"/>
+<text text-anchor="start" x="970.5" y="-484.87" font-family="Times,serif" font-style="italic" font-size="14.00">INPUT</text>
+<polygon fill="tomato" stroke="transparent" points="965,-456.07 965,-477.07 1024,-477.07 1024,-456.07 965,-456.07"/>
+<polygon fill="none" stroke="black" points="965,-456.07 965,-477.07 1024,-477.07 1024,-456.07 965,-456.07"/>
+<text text-anchor="start" x="968" y="-463.87" font-family="Times,serif" font-style="italic" font-size="14.00">mangle</text>
+<polygon fill="white" stroke="transparent" points="965,-435.07 965,-456.07 1024,-456.07 1024,-435.07 965,-435.07"/>
+<polygon fill="none" stroke="black" points="965,-435.07 965,-456.07 1024,-456.07 1024,-435.07 965,-435.07"/>
+<text text-anchor="start" x="981" y="-441.87" font-family="Times,serif" font-size="14.00">end</text>
 </g>
-<!-- raw_PREROUTING&#45;&gt;mangle_PREROUTING -->
-<g id="edge8" class="edge"><title>raw_PREROUTING:end&#45;&gt;mangle_PREROUTING:begin</title>
-<path fill="none" stroke="red" d="M99,-205.5C165.656,-205.5 184.859,-205.5 246.696,-205.5"/>
-<polygon fill="red" stroke="red" points="247,-209 257,-205.5 247,-202 247,-209"/>
+<!-- nat_PREROUTING&#45;&gt;mangle_INPUT -->
+<g id="edge10" class="edge">
+<title>nat_PREROUTING:end&#45;&gt;mangle_INPUT:begin</title>
+<path fill="none" stroke="red" d="M808,-466.07C873.81,-466.07 892.77,-466.07 953.83,-466.07"/>
+<polygon fill="red" stroke="red" points="954,-469.57 964,-466.07 954,-462.57 954,-469.57"/>
 </g>
 <!-- mangle_FORWARD -->
-<g id="node10" class="node"><title>mangle_FORWARD</title>
-<polygon fill="none" stroke="black" points="997,-178 910,-178 910,-107 997,-107 997,-178"/>
-<polygon fill="red" stroke="none" points="918.5,-152.5 918.5,-173.5 989.5,-173.5 989.5,-152.5 918.5,-152.5"/>
-<polygon fill="none" stroke="black" points="918.5,-152.5 918.5,-173.5 989.5,-173.5 989.5,-152.5 918.5,-152.5"/>
-<text text-anchor="start" x="921.5" y="-160.3" font-family="Times,serif" font-style="italic" font-size="14.00">FORWARD</text>
-<polygon fill="tomato" stroke="none" points="918.5,-131.5 918.5,-152.5 989.5,-152.5 989.5,-131.5 918.5,-131.5"/>
-<polygon fill="none" stroke="black" points="918.5,-131.5 918.5,-152.5 989.5,-152.5 989.5,-131.5 918.5,-131.5"/>
-<text text-anchor="start" x="934" y="-139.3" font-family="Times,serif" font-style="italic" font-size="14.00">mangle</text>
-<polygon fill="none" stroke="black" points="918.5,-110.5 918.5,-131.5 989.5,-131.5 989.5,-110.5 918.5,-110.5"/>
-<text text-anchor="start" x="944" y="-117.3" font-family="Times,serif" font-size="14.00">end</text>
+<g id="node18" class="node">
+<title>mangle_FORWARD</title>
+<polygon fill="red" stroke="transparent" points="952,-350.07 952,-371.07 1036,-371.07 1036,-350.07 952,-350.07"/>
+<polygon fill="none" stroke="black" points="952,-350.07 952,-371.07 1036,-371.07 1036,-350.07 952,-350.07"/>
+<text text-anchor="start" x="955" y="-357.87" font-family="Times,serif" font-style="italic" font-size="14.00">FORWARD</text>
+<polygon fill="tomato" stroke="transparent" points="952,-329.07 952,-350.07 1036,-350.07 1036,-329.07 952,-329.07"/>
+<polygon fill="none" stroke="black" points="952,-329.07 952,-350.07 1036,-350.07 1036,-329.07 952,-329.07"/>
+<text text-anchor="start" x="967.5" y="-336.87" font-family="Times,serif" font-style="italic" font-size="14.00">mangle</text>
+<polygon fill="white" stroke="transparent" points="952,-308.07 952,-329.07 1036,-329.07 1036,-308.07 952,-308.07"/>
+<polygon fill="none" stroke="black" points="952,-308.07 952,-329.07 1036,-329.07 1036,-308.07 952,-308.07"/>
+<text text-anchor="start" x="980.5" y="-314.87" font-family="Times,serif" font-size="14.00">end</text>
 </g>
-<!-- mangle_FORWARD&#45;&gt;filter_FORWARD -->
-<g id="edge19" class="edge"><title>mangle_FORWARD:end&#45;&gt;filter_FORWARD:begin</title>
-<path fill="none" stroke="red" d="M990.5,-120.5C1162.36,-120.5 980.321,-467.805 1137.66,-482.05"/>
-<polygon fill="red" stroke="red" points="1137.86,-485.561 1148,-482.5 1138.16,-478.568 1137.86,-485.561"/>
+<!-- nat_PREROUTING&#45;&gt;mangle_FORWARD -->
+<g id="edge20" class="edge">
+<title>nat_PREROUTING:end&#45;&gt;mangle_FORWARD:begin</title>
+<path fill="none" stroke="red" d="M808,-466.07C889.67,-466.07 868.75,-349.75 941.6,-339.75"/>
+<polygon fill="red" stroke="red" points="942.25,-343.21 952,-339.07 941.79,-336.23 942.25,-343.21"/>
 </g>
-<!-- mangle_INPUT -->
-<g id="node11" class="node"><title>mangle_INPUT</title>
-<polygon fill="none" stroke="black" points="984.5,-71 922.5,-71 922.5,-0 984.5,-0 984.5,-71"/>
-<polygon fill="red" stroke="none" points="930.5,-45.5 930.5,-66.5 976.5,-66.5 976.5,-45.5 930.5,-45.5"/>
-<polygon fill="none" stroke="black" points="930.5,-45.5 930.5,-66.5 976.5,-66.5 976.5,-45.5 930.5,-45.5"/>
-<text text-anchor="start" x="933.5" y="-53.3" font-family="Times,serif" font-style="italic" font-size="14.00">INPUT</text>
-<polygon fill="tomato" stroke="none" points="930.5,-24.5 930.5,-45.5 976.5,-45.5 976.5,-24.5 930.5,-24.5"/>
-<polygon fill="none" stroke="black" points="930.5,-24.5 930.5,-45.5 976.5,-45.5 976.5,-24.5 930.5,-24.5"/>
-<text text-anchor="start" x="933.5" y="-32.3" font-family="Times,serif" font-style="italic" font-size="14.00">mangle</text>
-<polygon fill="none" stroke="black" points="930.5,-3.5 930.5,-24.5 976.5,-24.5 976.5,-3.5 930.5,-3.5"/>
-<text text-anchor="start" x="943.5" y="-10.3" font-family="Times,serif" font-size="14.00">end</text>
+<!-- nat_OUTPUT -->
+<g id="node11" class="node">
+<title>nat_OUTPUT</title>
+<polygon fill="red" stroke="transparent" points="2976,-413.07 2976,-434.07 3392,-434.07 3392,-413.07 2976,-413.07"/>
+<polygon fill="none" stroke="black" points="2976,-413.07 2976,-434.07 3392,-434.07 3392,-413.07 2976,-413.07"/>
+<text text-anchor="start" x="3152.5" y="-420.87" font-family="Times,serif" font-style="italic" font-size="14.00">OUTPUT</text>
+<polygon fill="tomato" stroke="transparent" points="2976,-392.07 2976,-413.07 3392,-413.07 3392,-392.07 2976,-392.07"/>
+<polygon fill="none" stroke="black" points="2976,-392.07 2976,-413.07 3392,-413.07 3392,-392.07 2976,-392.07"/>
+<text text-anchor="start" x="3172" y="-399.87" font-family="Times,serif" font-style="italic" font-size="14.00">nat</text>
+<polygon fill="darkgrey" stroke="transparent" points="2976,-371.07 2976,-392.07 3392,-392.07 3392,-371.07 2976,-371.07"/>
+<polygon fill="none" stroke="black" points="2976,-371.07 2976,-392.07 3392,-392.07 3392,-371.07 2976,-371.07"/>
+<text text-anchor="start" x="2979" y="-377.87" font-family="Times,serif" font-size="14.00">! &#45;d 127.0.0.0/8 &#45;m addrtype &#45;&#45;dst&#45;type LOCAL &#45;j DOCKER</text>
+<polygon fill="white" stroke="transparent" points="2976,-350.07 2976,-371.07 3392,-371.07 3392,-350.07 2976,-350.07"/>
+<polygon fill="none" stroke="black" points="2976,-350.07 2976,-371.07 3392,-371.07 3392,-350.07 2976,-350.07"/>
+<text text-anchor="start" x="3170.5" y="-356.87" font-family="Times,serif" font-size="14.00">end</text>
 </g>
-<!-- mangle_INPUT&#45;&gt;filter_INPUT -->
-<g id="edge11" class="edge"><title>mangle_INPUT:end&#45;&gt;filter_INPUT:begin</title>
-<path fill="none" stroke="red" d="M977.5,-13.5C1134.59,-13.5 1170.92,-74.7795 1322.82,-77.4126"/>
-<polygon fill="red" stroke="red" points="1322.97,-80.9139 1333,-77.5 1323.03,-73.9142 1322.97,-80.9139"/>
+<!-- nat_OUTPUT&#45;&gt;filter_OUTPUT -->
+<g id="edge16" class="edge">
+<title>nat_OUTPUT:end&#45;&gt;filter_OUTPUT:begin</title>
+<path fill="none" stroke="red" d="M3392,-360.07C3477.22,-360.07 3491.29,-300.97 3570.95,-296.35"/>
+<polygon fill="red" stroke="red" points="3571.1,-299.85 3581,-296.07 3570.9,-292.85 3571.1,-299.85"/>
+</g>
+<!-- nat_OUTPUT&#45;&gt;nat_DOCKER -->
+<g id="edge6" class="edge">
+<title>nat_OUTPUT:rule_0&#45;&gt;nat_DOCKER:begin</title>
+<path fill="none" stroke="white" d="M3392,-381.07C3476.71,-381.07 3450.14,-507.06 3525.72,-517.39"/>
+<polygon fill="white" stroke="white" points="3525.79,-520.91 3536,-518.07 3526.25,-513.92 3525.79,-520.91"/>
 </g>
 <!-- nat_POSTROUTING -->
-<g id="node19" class="node"><title>nat_POSTROUTING</title>
-<polygon fill="none" stroke="black" points="3907,-200.5 3614,-200.5 3614,-108.5 3907,-108.5 3907,-200.5"/>
-<polygon fill="red" stroke="none" points="3622.5,-175.5 3622.5,-196.5 3899.5,-196.5 3899.5,-175.5 3622.5,-175.5"/>
-<polygon fill="none" stroke="black" points="3622.5,-175.5 3622.5,-196.5 3899.5,-196.5 3899.5,-175.5 3622.5,-175.5"/>
-<text text-anchor="start" x="3715.5" y="-183.3" font-family="Times,serif" font-style="italic" font-size="14.00">POSTROUTING</text>
-<polygon fill="tomato" stroke="none" points="3622.5,-154.5 3622.5,-175.5 3899.5,-175.5 3899.5,-154.5 3622.5,-154.5"/>
-<polygon fill="none" stroke="black" points="3622.5,-154.5 3622.5,-175.5 3899.5,-175.5 3899.5,-154.5 3622.5,-154.5"/>
-<text text-anchor="start" x="3752" y="-162.3" font-family="Times,serif" font-style="italic" font-size="14.00">nat</text>
-<polygon fill="none" stroke="black" points="3622.5,-133.5 3622.5,-154.5 3899.5,-154.5 3899.5,-133.5 3622.5,-133.5"/>
-<text text-anchor="start" x="3625.5" y="-140.3" font-family="Times,serif" font-size="14.00">&#45;s 172.18.0.0/24 ! &#45;o docker0 &#45;j MASQUERADE</text>
-<polygon fill="none" stroke="black" points="3622.5,-112.5 3622.5,-133.5 3899.5,-133.5 3899.5,-112.5 3622.5,-112.5"/>
-<text text-anchor="start" x="3751" y="-119.3" font-family="Times,serif" font-size="14.00">end</text>
+<g id="node12" class="node">
+<title>nat_POSTROUTING</title>
+<polygon fill="red" stroke="transparent" points="4315.5,-115.07 4315.5,-136.07 4654.5,-136.07 4654.5,-115.07 4315.5,-115.07"/>
+<polygon fill="none" stroke="black" points="4315.5,-115.07 4315.5,-136.07 4654.5,-136.07 4654.5,-115.07 4315.5,-115.07"/>
+<text text-anchor="start" x="4429" y="-122.87" font-family="Times,serif" font-style="italic" font-size="14.00">POSTROUTING</text>
+<polygon fill="tomato" stroke="transparent" points="4315.5,-94.07 4315.5,-115.07 4654.5,-115.07 4654.5,-94.07 4315.5,-94.07"/>
+<polygon fill="none" stroke="black" points="4315.5,-94.07 4315.5,-115.07 4654.5,-115.07 4654.5,-94.07 4315.5,-94.07"/>
+<text text-anchor="start" x="4473" y="-101.87" font-family="Times,serif" font-style="italic" font-size="14.00">nat</text>
+<polygon fill="darkgrey" stroke="transparent" points="4315.5,-73.07 4315.5,-94.07 4654.5,-94.07 4654.5,-73.07 4315.5,-73.07"/>
+<polygon fill="none" stroke="black" points="4315.5,-73.07 4315.5,-94.07 4654.5,-94.07 4654.5,-73.07 4315.5,-73.07"/>
+<text text-anchor="start" x="4318.5" y="-79.87" font-family="Times,serif" font-size="14.00">&#45;s 172.18.0.0/24 ! &#45;o docker0 &#45;j MASQUERADE</text>
+<polygon fill="white" stroke="transparent" points="4315.5,-52.07 4315.5,-73.07 4654.5,-73.07 4654.5,-52.07 4315.5,-52.07"/>
+<polygon fill="none" stroke="black" points="4315.5,-52.07 4315.5,-73.07 4654.5,-73.07 4654.5,-52.07 4315.5,-52.07"/>
+<text text-anchor="start" x="4471.5" y="-58.87" font-family="Times,serif" font-size="14.00">end</text>
 </g>
-<!-- mangle_POSTROUTING&#45;&gt;nat_POSTROUTING -->
-<g id="edge17" class="edge"><title>mangle_POSTROUTING:end&#45;&gt;nat_POSTROUTING:begin</title>
-<path fill="none" stroke="red" d="M3463.5,-165.5C3530.16,-165.5 3549.36,-165.5 3611.2,-165.5"/>
-<polygon fill="red" stroke="red" points="3611.5,-169 3621.5,-165.5 3611.5,-162 3611.5,-169"/>
+<!-- nat_MASQUERADE -->
+<g id="node14" class="node">
+<title>nat_MASQUERADE</title>
+<polygon fill="white" stroke="transparent" points="4798,-94.07 4798,-115.07 4914,-115.07 4914,-94.07 4798,-94.07"/>
+<polygon fill="none" stroke="black" points="4798,-94.07 4798,-115.07 4914,-115.07 4914,-94.07 4798,-94.07"/>
+<text text-anchor="start" x="4801" y="-101.87" font-family="Times,serif" font-style="italic" font-size="14.00">MASQUERADE</text>
+<polygon fill="white" stroke="transparent" points="4798,-73.07 4798,-94.07 4914,-94.07 4914,-73.07 4798,-73.07"/>
+<polygon fill="none" stroke="black" points="4798,-73.07 4798,-94.07 4914,-94.07 4914,-73.07 4798,-73.07"/>
+<text text-anchor="start" x="4844" y="-80.87" font-family="Times,serif" font-style="italic" font-size="14.00">nat</text>
+<polygon fill="white" stroke="transparent" points="4798,-52.07 4798,-73.07 4914,-73.07 4914,-52.07 4798,-52.07"/>
+<polygon fill="none" stroke="black" points="4798,-52.07 4798,-73.07 4914,-73.07 4914,-52.07 4798,-52.07"/>
+<text text-anchor="start" x="4842.5" y="-58.87" font-family="Times,serif" font-size="14.00">end</text>
 </g>
-<!-- nat_PREROUTING -->
-<g id="node18" class="node"><title>nat_PREROUTING</title>
-<polygon fill="none" stroke="black" points="766,-219.5 500,-219.5 500,-127.5 766,-127.5 766,-219.5"/>
-<polygon fill="red" stroke="none" points="508,-194.5 508,-215.5 758,-215.5 758,-194.5 508,-194.5"/>
-<polygon fill="none" stroke="black" points="508,-194.5 508,-215.5 758,-215.5 758,-194.5 508,-194.5"/>
-<text text-anchor="start" x="591" y="-202.3" font-family="Times,serif" font-style="italic" font-size="14.00">PREROUTING</text>
-<polygon fill="tomato" stroke="none" points="508,-173.5 508,-194.5 758,-194.5 758,-173.5 508,-173.5"/>
-<polygon fill="none" stroke="black" points="508,-173.5 508,-194.5 758,-194.5 758,-173.5 508,-173.5"/>
-<text text-anchor="start" x="624" y="-181.3" font-family="Times,serif" font-style="italic" font-size="14.00">nat</text>
-<polygon fill="none" stroke="black" points="508,-152.5 508,-173.5 758,-173.5 758,-152.5 508,-152.5"/>
-<text text-anchor="start" x="511" y="-159.3" font-family="Times,serif" font-size="14.00">&#45;m addrtype &#45;&#45;dst&#45;type LOCAL &#45;j DOCKER</text>
-<polygon fill="none" stroke="black" points="508,-131.5 508,-152.5 758,-152.5 758,-131.5 508,-131.5"/>
-<text text-anchor="start" x="623" y="-138.3" font-family="Times,serif" font-size="14.00">end</text>
+<!-- nat_POSTROUTING&#45;&gt;nat_MASQUERADE -->
+<g id="edge7" class="edge">
+<title>nat_POSTROUTING:rule_0&#45;&gt;nat_MASQUERADE:begin</title>
+<path fill="none" stroke="white" d="M4654,-83.07C4714.5,-83.07 4732.11,-83.07 4787.91,-83.07"/>
+<polygon fill="white" stroke="white" points="4788,-86.57 4798,-83.07 4788,-79.57 4788,-86.57"/>
 </g>
 <!-- mangle_PREROUTING&#45;&gt;nat_PREROUTING -->
-<g id="edge9" class="edge"><title>mangle_PREROUTING:end&#45;&gt;nat_PREROUTING:begin</title>
-<path fill="none" stroke="red" d="M349,-184.5C415.656,-184.5 434.859,-184.5 496.696,-184.5"/>
-<polygon fill="red" stroke="red" points="497,-188 507,-184.5 497,-181 497,-188"/>
+<g id="edge9" class="edge">
+<title>mangle_PREROUTING:end&#45;&gt;nat_PREROUTING:begin</title>
+<path fill="none" stroke="red" d="M362,-509.07C422.5,-509.07 440.11,-509.07 495.91,-509.07"/>
+<polygon fill="red" stroke="red" points="496,-512.57 506,-509.07 496,-505.57 496,-512.57"/>
 </g>
-<!-- nat_OUTPUT -->
-<g id="node16" class="node"><title>nat_OUTPUT</title>
-<polygon fill="none" stroke="black" points="2921,-165.5 2566,-165.5 2566,-73.5 2921,-73.5 2921,-165.5"/>
-<polygon fill="red" stroke="none" points="2574.5,-140.5 2574.5,-161.5 2913.5,-161.5 2913.5,-140.5 2574.5,-140.5"/>
-<polygon fill="none" stroke="black" points="2574.5,-140.5 2574.5,-161.5 2913.5,-161.5 2913.5,-140.5 2574.5,-140.5"/>
-<text text-anchor="start" x="2717.5" y="-148.3" font-family="Times,serif" font-style="italic" font-size="14.00">OUTPUT</text>
-<polygon fill="tomato" stroke="none" points="2574.5,-119.5 2574.5,-140.5 2913.5,-140.5 2913.5,-119.5 2574.5,-119.5"/>
-<polygon fill="none" stroke="black" points="2574.5,-119.5 2574.5,-140.5 2913.5,-140.5 2913.5,-119.5 2574.5,-119.5"/>
-<text text-anchor="start" x="2735" y="-127.3" font-family="Times,serif" font-style="italic" font-size="14.00">nat</text>
-<polygon fill="none" stroke="black" points="2574.5,-98.5 2574.5,-119.5 2913.5,-119.5 2913.5,-98.5 2574.5,-98.5"/>
-<text text-anchor="start" x="2577.5" y="-105.3" font-family="Times,serif" font-size="14.00">! &#45;d 127.0.0.0/8 &#45;m addrtype &#45;&#45;dst&#45;type LOCAL &#45;j DOCKER</text>
-<polygon fill="none" stroke="black" points="2574.5,-77.5 2574.5,-98.5 2913.5,-98.5 2913.5,-77.5 2574.5,-77.5"/>
-<text text-anchor="start" x="2734" y="-84.3" font-family="Times,serif" font-size="14.00">end</text>
+<!-- mangle_INPUT&#45;&gt;filter_INPUT -->
+<g id="edge11" class="edge">
+<title>mangle_INPUT:end&#45;&gt;filter_INPUT:begin</title>
+<path fill="none" stroke="red" d="M1025,-445.07C1190.49,-445.07 1234.26,-455.62 1394.76,-456.05"/>
+<polygon fill="red" stroke="red" points="1395,-459.55 1405,-456.07 1395,-452.55 1395,-459.55"/>
 </g>
 <!-- mangle_OUTPUT&#45;&gt;nat_OUTPUT -->
-<g id="edge14" class="edge"><title>mangle_OUTPUT:end&#45;&gt;nat_OUTPUT:begin</title>
-<path fill="none" stroke="red" d="M2350.5,-89.5C2447.83,-89.5 2471.17,-127.745 2563.44,-130.36"/>
-<polygon fill="red" stroke="red" points="2563.45,-133.86 2573.5,-130.5 2563.55,-126.861 2563.45,-133.86"/>
+<g id="edge15" class="edge">
+<title>mangle_OUTPUT:end&#45;&gt;nat_OUTPUT:begin</title>
+<path fill="none" stroke="red" d="M2826,-403.07C2889.15,-403.07 2907.44,-403.07 2965.86,-403.07"/>
+<polygon fill="red" stroke="red" points="2966,-406.57 2976,-403.07 2966,-399.57 2966,-406.57"/>
 </g>
-<!-- nat_MASQUERADE -->
-<g id="node15" class="node"><title>nat_MASQUERADE</title>
-<polygon fill="none" stroke="black" points="4163,-180 4051,-180 4051,-109 4163,-109 4163,-180"/>
-<polygon fill="none" stroke="black" points="4059,-154.5 4059,-175.5 4155,-175.5 4155,-154.5 4059,-154.5"/>
-<text text-anchor="start" x="4062" y="-162.3" font-family="Times,serif" font-style="italic" font-size="14.00">MASQUERADE</text>
-<polygon fill="none" stroke="black" points="4059,-133.5 4059,-154.5 4155,-154.5 4155,-133.5 4059,-133.5"/>
-<text text-anchor="start" x="4098" y="-141.3" font-family="Times,serif" font-style="italic" font-size="14.00">nat</text>
-<polygon fill="none" stroke="black" points="4059,-112.5 4059,-133.5 4155,-133.5 4155,-112.5 4059,-112.5"/>
-<text text-anchor="start" x="4097" y="-119.3" font-family="Times,serif" font-size="14.00">end</text>
-</g>
-<!-- nat_OUTPUT&#45;&gt;filter_OUTPUT -->
-<g id="edge15" class="edge"><title>nat_OUTPUT:end&#45;&gt;filter_OUTPUT:begin</title>
-<path fill="none" stroke="red" d="M2914.5,-87.5C2997.4,-87.5 3020.67,-87.5 3098.68,-87.5"/>
-<polygon fill="red" stroke="red" points="3099,-91.0001 3109,-87.5 3099,-84.0001 3099,-91.0001"/>
-</g>
-<!-- nat_DOCKER -->
-<g id="node17" class="node"><title>nat_DOCKER</title>
-<polygon fill="none" stroke="black" points="3213,-252.5 3065,-252.5 3065,-160.5 3213,-160.5 3213,-252.5"/>
-<polygon fill="none" stroke="black" points="3073,-227.5 3073,-248.5 3205,-248.5 3205,-227.5 3073,-227.5"/>
-<text text-anchor="start" x="3111.5" y="-235.3" font-family="Times,serif" font-style="italic" font-size="14.00">DOCKER</text>
-<polygon fill="none" stroke="black" points="3073,-206.5 3073,-227.5 3205,-227.5 3205,-206.5 3073,-206.5"/>
-<text text-anchor="start" x="3130" y="-214.3" font-family="Times,serif" font-style="italic" font-size="14.00">nat</text>
-<polygon fill="none" stroke="black" points="3073,-185.5 3073,-206.5 3205,-206.5 3205,-185.5 3073,-185.5"/>
-<text text-anchor="start" x="3076" y="-192.3" font-family="Times,serif" font-size="14.00">&#45;i docker0 &#45;j RETURN</text>
-<polygon fill="none" stroke="black" points="3073,-164.5 3073,-185.5 3205,-185.5 3205,-164.5 3073,-164.5"/>
-<text text-anchor="start" x="3129" y="-171.3" font-family="Times,serif" font-size="14.00">end</text>
-</g>
-<!-- nat_OUTPUT&#45;&gt;nat_DOCKER -->
-<g id="edge5" class="edge"><title>nat_OUTPUT:rule_0&#45;&gt;nat_DOCKER:begin</title>
-<path fill="none" stroke="black" d="M2914.5,-108.5C2996.14,-108.5 2987.75,-208.742 3062.01,-216.965"/>
-<polygon fill="black" stroke="black" points="3061.83,-220.46 3072,-217.5 3062.2,-213.47 3061.83,-220.46"/>
-</g>
-<!-- nat_PREROUTING&#45;&gt;mangle_FORWARD -->
-<g id="edge18" class="edge"><title>nat_PREROUTING:end&#45;&gt;mangle_FORWARD:begin</title>
-<path fill="none" stroke="red" d="M759,-141.5C825.867,-141.5 845.131,-141.5 907.163,-141.5"/>
-<polygon fill="red" stroke="red" points="907.5,-145 917.5,-141.5 907.5,-138 907.5,-145"/>
-</g>
-<!-- nat_PREROUTING&#45;&gt;mangle_INPUT -->
-<g id="edge10" class="edge"><title>nat_PREROUTING:end&#45;&gt;mangle_INPUT:begin</title>
-<path fill="none" stroke="red" d="M759,-141.5C844.969,-141.5 840.545,-42.6961 919.452,-34.9771"/>
-<polygon fill="red" stroke="red" points="919.677,-38.4704 929.5,-34.5 919.345,-31.4783 919.677,-38.4704"/>
+<!-- mangle_FORWARD&#45;&gt;filter_FORWARD -->
+<g id="edge21" class="edge">
+<title>mangle_FORWARD:end&#45;&gt;filter_FORWARD:begin</title>
+<path fill="none" stroke="red" d="M1036,-318.07C1097.71,-318.07 1113.09,-292.15 1169.74,-289.32"/>
+<polygon fill="red" stroke="red" points="1170.09,-292.81 1180,-289.07 1169.92,-285.81 1170.09,-292.81"/>
 </g>
-<!-- nat_PREROUTING&#45;&gt;nat_DOCKER -->
-<g id="edge6" class="edge"><title>nat_PREROUTING:rule_0&#45;&gt;nat_DOCKER:begin</title>
-<path fill="none" stroke="black" d="M759,-162.5C827.695,-162.5 842.077,-185.229 910,-195.5 1106.7,-225.245 1157.06,-233.5 1356,-233.5 1356,-233.5 1356,-233.5 2320.5,-233.5 2651.15,-233.5 2736.19,-217.826 3061.8,-217.505"/>
-<polygon fill="black" stroke="black" points="3062,-221.005 3072,-217.5 3062,-214.005 3062,-221.005"/>
+<!-- mangle_POSTROUTING -->
+<g id="node19" class="node">
+<title>mangle_POSTROUTING</title>
+<polygon fill="red" stroke="transparent" points="4053,-137.07 4053,-158.07 4171,-158.07 4171,-137.07 4053,-137.07"/>
+<polygon fill="none" stroke="black" points="4053,-137.07 4053,-158.07 4171,-158.07 4171,-137.07 4053,-137.07"/>
+<text text-anchor="start" x="4056" y="-144.87" font-family="Times,serif" font-style="italic" font-size="14.00">POSTROUTING</text>
+<polygon fill="tomato" stroke="transparent" points="4053,-116.07 4053,-137.07 4171,-137.07 4171,-116.07 4053,-116.07"/>
+<polygon fill="none" stroke="black" points="4053,-116.07 4053,-137.07 4171,-137.07 4171,-116.07 4053,-116.07"/>
+<text text-anchor="start" x="4085.5" y="-123.87" font-family="Times,serif" font-style="italic" font-size="14.00">mangle</text>
+<polygon fill="white" stroke="transparent" points="4053,-95.07 4053,-116.07 4171,-116.07 4171,-95.07 4053,-95.07"/>
+<polygon fill="none" stroke="black" points="4053,-95.07 4053,-116.07 4171,-116.07 4171,-95.07 4053,-95.07"/>
+<text text-anchor="start" x="4098.5" y="-101.87" font-family="Times,serif" font-size="14.00">end</text>
 </g>
-<!-- nat_POSTROUTING&#45;&gt;nat_MASQUERADE -->
-<g id="edge7" class="edge"><title>nat_POSTROUTING:rule_0&#45;&gt;nat_MASQUERADE:begin</title>
-<path fill="none" stroke="black" d="M3900.5,-143.5C3966.95,-143.5 3986.09,-143.5 4047.73,-143.5"/>
-<polygon fill="black" stroke="black" points="4048,-147 4058,-143.5 4048,-140 4048,-147"/>
+<!-- mangle_POSTROUTING&#45;&gt;nat_POSTROUTING -->
+<g id="edge19" class="edge">
+<title>mangle_POSTROUTING:end&#45;&gt;nat_POSTROUTING:begin</title>
+<path fill="none" stroke="red" d="M4171,-105.07C4231.5,-105.07 4249.11,-105.07 4304.91,-105.07"/>
+<polygon fill="red" stroke="red" points="4305,-108.57 4315,-105.07 4305,-101.57 4305,-108.57"/>
+</g>
+<!-- security_INPUT&#45;&gt;raw_OUTPUT -->
+<g id="edge13" class="edge">
+<title>security_INPUT:end&#45;&gt;raw_OUTPUT:begin</title>
+<path fill="none" stroke="red" d="M2065,-445.07C2235.38,-445.07 2280.48,-445.07 2445.96,-445.07"/>
+<polygon fill="red" stroke="red" points="2446,-448.57 2456,-445.07 2446,-441.57 2446,-448.57"/>
+</g>
+<!-- security_OUTPUT&#45;&gt;mangle_POSTROUTING -->
+<g id="edge18" class="edge">
+<title>security_OUTPUT:end&#45;&gt;mangle_POSTROUTING:begin</title>
+<path fill="none" stroke="red" d="M3909,-222.07C3982.31,-222.07 3976.81,-134.86 4042.74,-126.68"/>
+<polygon fill="red" stroke="red" points="4043.23,-130.16 4053,-126.07 4042.81,-123.17 4043.23,-130.16"/>
+</g>
+<!-- security_FORWARD&#45;&gt;mangle_POSTROUTING -->
+<g id="edge23" class="edge">
+<title>security_FORWARD:end&#45;&gt;mangle_POSTROUTING:begin</title>
+<path fill="none" stroke="red" d="M2832,-14.07C3373.49,-14.07 3506.37,-124.65 4042.67,-126.05"/>
+<polygon fill="red" stroke="red" points="4043,-129.55 4053,-126.07 4043,-122.55 4043,-129.55"/>
 </g>
 </g>
 </svg>

From 8bb1018a9bf28b9e798cd553157094660c2c46c4 Mon Sep 17 00:00:00 2001
From: dethophes <dethophes@users.noreply.github.com>
Date: Sun, 29 Oct 2023 08:23:25 +0000
Subject: [PATCH 7/9] update link to use local example img

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 1c58fa0..f5ad3c2 100644
--- a/README.md
+++ b/README.md
@@ -28,4 +28,4 @@ $ dot -Tsvg a.dot -o a.svg
 ```
 
 ### Example Graph
-![example.svg](https://raw.githubusercontent.com/AChingYo/iptables-graph/main/example.svg)
+![example.svg](https://raw.githubusercontent.com/dethrophes/iptables-graph/main/example.svg)

From 7210effc49d65641dfaceabd1457650d70085b74 Mon Sep 17 00:00:00 2001
From: dethophes <dethophes@users.noreply.github.com>
Date: Sun, 29 Oct 2023 13:31:36 +0000
Subject: [PATCH 8/9] Add chain target. Show return paths for --jump and
 --goto.

---
 iptables-graph | 140 ++++++++++++++++++++++++++++++++++++++-----------
 1 file changed, 109 insertions(+), 31 deletions(-)

diff --git a/iptables-graph b/iptables-graph
index 17cc682..e23854e 100755
--- a/iptables-graph
+++ b/iptables-graph
@@ -4,19 +4,22 @@ import os
 import re
 import string
 
+def default_chain_setup():
+    return { 'target': None, 'rules' : list(), 'jump_to_list' : list(), 'goto_list' : list() }
+
 do_ebtables = os.getenv('USE_EBTABLES', default=False)
 if not do_ebtables:
-    all_chains = {	'raw':	    {'PREROUTING':list(), 'OUTPUT':list()},
-        'filter':   {'INPUT':list(), 'OUTPUT':list(), 'FORWARD':list()},
-        'nat':	    {'PREROUTING':list(), 'OUTPUT':list(), 'POSTROUTING':list()},
-        'mangle':   {'PREROUTING':list(), 'INPUT':list(), 'OUTPUT':list(), 'FORWARD':list(), 'POSTROUTING':list()},
-        'security': {'INPUT':list(), 'OUTPUT':list(), 'FORWARD':list()}}
+    all_chains = {	'raw':	    {'PREROUTING':default_chain_setup(), 'OUTPUT':default_chain_setup()},
+        'filter':   {'INPUT':default_chain_setup(), 'OUTPUT':default_chain_setup(), 'FORWARD':default_chain_setup()},
+        'nat':	    {'PREROUTING':default_chain_setup(), 'OUTPUT':default_chain_setup(), 'POSTROUTING':default_chain_setup()},
+        'mangle':   {'PREROUTING':default_chain_setup(), 'INPUT':default_chain_setup(), 'OUTPUT':default_chain_setup(), 'FORWARD':default_chain_setup(), 'POSTROUTING':default_chain_setup()},
+        'security': {'INPUT':default_chain_setup(), 'OUTPUT':default_chain_setup(), 'FORWARD':default_chain_setup()}}
 
 else:
     all_chains = {
-        'filter':   {'INPUT':list(), 'OUTPUT':list(), 'FORWARD':list()},
-        'nat':	    {'PREROUTING':list(), 'OUTPUT':list(), 'POSTROUTING':list()},
-        'broute':   {'BROUTING':list()}
+        'filter':   {'INPUT':default_chain_setup(), 'OUTPUT':default_chain_setup(), 'FORWARD':default_chain_setup()},
+        'nat':	    {'PREROUTING':default_chain_setup(), 'OUTPUT':default_chain_setup(), 'POSTROUTING':default_chain_setup()},
+        'broute':   {'BROUTING':default_chain_setup()}
         }
 
 defualt_chain_list = ['PREROUTING', 'FORWARD', 'INPUT', 'OUTPUT', 'POSTROUTING', 'BROUTING']
@@ -35,28 +38,39 @@ def parse_input(input_string):
         token_list = line.split()
         if not token_list :
             continue
-        if token_list[0][1:] in all_chains.keys():
-            current_table = token_list[0][1:]
+        if token_list[0][0] == '*':
+            if token_list[0][1:] in all_chains:
+                current_table = token_list[0][1:]
+                continue
+        elif token_list[0][0] == ':':
+            current_chain = token_list[0][1:]
+            if current_chain not in all_chains[current_table]:
+                all_chains[current_table][current_chain] = default_chain_setup()
+            all_chains[current_table][current_chain]['target'] = token_list[1]
             continue
         if token_list[0] == '-A':
             current_chain = token_list[1]
             if current_chain not in all_chains[current_table]:
-                all_chains[current_table][current_chain] = list()
+                all_chains[current_table][current_chain] = default_chain_setup()
 
             rule_body = stats
-            target = ''
-            if token_list[-2] == '-j' and token_list[-1] not in ['RETURN', 'ACCEPT', 'DROP']:
-                target = token_list[-1]
-                if target not in all_chains[current_table]:
-                    all_chains[current_table][target] = list()
-                rule_body += ' '.join(token_list[2:])
-            else:
-                rule_body += ' '.join(token_list[2:])
+            target = None
+            for i, token in enumerate(token_list):
+                if token in [ '-j', '--jump', '-g', '--goto' ] and token_list[i + 1] :
+                    target = { 
+                            'chain' : token_list[i + 1],
+                            'type' : token
+                        }
+                    if target['chain'] in ['RETURN', 'ACCEPT', 'DROP', 'DNAT', 'SNAT', 'NFLOG']:
+                        target['type'] = 'SPECIAL'
+                    elif target['chain'] not in all_chains[current_table]:
+                        all_chains[current_table][target['chain']] = default_chain_setup()
 
-            all_chains[current_table][current_chain].append({'rule_body':rule_body, 'target':target})
-            continue
-        else:
-            continue
+            rule_body += ' '.join(token_list[2:])
+
+            all_chains[current_table][current_chain]['rules'].append({'rule_body':rule_body, 'target':target})
+
+        continue
 
 
 def get_node_name(table_name, chain_name):
@@ -80,8 +94,9 @@ def escape_xml(s):
 
 default_port_ranges = '''
 red=29700:29799,47000:48653,48659,48662,48663,48753,48754,48850:49151,49200:49799
-green=80
+green=80,443,8080,8000,4443
 yellow=22
+pink=0:1024
 '''
 
 def expand_port_range(port_range):
@@ -128,6 +143,9 @@ def conv_port_range(r):
 colors = {
         'bgcolor'       : 'black',
         'norm_link'     : 'white',
+        'return_link'   : 'green',
+        'goto_return_link'   : 'blue',
+        'jump_return_link'   : 'purple',
         'chain_link'    : 'red',
         'unused_rule'   : 'lightgrey',
         'used_rule'     : 'darkgrey',
@@ -135,6 +153,39 @@ colors = {
         'user_chain'    : ['white', 'white'],
 }
 
+from pprint import pprint
+
+cached_links = list()
+def filter_duplicate_links(link):
+    global cached_links
+    if link in cached_links:
+        return ''
+
+    cached_links.append(link)
+    return link
+
+def create_goto_backref(chains, chain, target_node, color):
+    global colors
+    output = ''
+    for source_node in chains[chain]['jump_to_list']:
+        output += filter_duplicate_links('{} -> {} [color="{}"]\n'.format(target_node, source_node, colors[color]))
+    for cchain in chains[chain]['goto_list']:
+        output += create_goto_backref(chains, cchain, target_node, color)
+    return output
+
+
+
+def test_chain_return(chains, chain, recurse):
+    """ Test if the last rule of the destination chain is ACCEPT or DROP """
+    if chains[chain]['rules']:
+        last_rule = chains[chain]['rules'][-1]
+        if last_rule['target']:
+            if last_rule['target']['type'] in ['SPECIAL'] and last_rule['target']['chain'] in ['ACCEPT', 'DROP']:
+                return False
+            if recurse:
+                return test_chain_return(chains, last_rule['target']['chain'], recurse)
+    return True
+
 def create_output(all_chains):
     global default_port_ranges, colors
     port_ranges = conv_port_range(os.getenv('PORT_RANGE', default=default_port_ranges))
@@ -151,13 +202,15 @@ def create_output(all_chains):
             node_name = get_node_name(table, chain)
             tmp_body = node_name + """ [label=<<table border="0" cellborder="1" cellspacing="0">"""
             if chain in defualt_chain_list:
-                tmp_body +='\n<tr><td bgcolor="{}"><i>{}</i></td></tr>'.format(colors['default_chain'][0], escape_xml( chain ))
+                tmp_body +='\n<tr><td bgcolor="{}"><i>{}</i></td></tr>'.format(colors['default_chain'][0], escape_xml( '{}[{}]'.format(chain, all_chains[table][chain]['target']) ))
                 tmp_body +='\n<tr><td port="begin" bgcolor="{}"><i>{}</i></td></tr>'.format( colors['default_chain'][1], escape_xml( table ))
             else:
-                tmp_body +='\n<tr><td bgcolor="{}"><i>{}</i></td></tr>'.format(colors['user_chain'][0], chain )
+                tmp_body +='\n<tr><td bgcolor="{}"><i>{}</i></td></tr>'.format(colors['user_chain'][0], escape_xml( '{}[{}]'.format(chain, all_chains[table][chain]['target']) ) )
                 tmp_body +='\n<tr><td port="begin" bgcolor="{}"><i>{}</i></td></tr>'.format(colors['user_chain'][1], escape_xml( table ))
-            for i in range(len(all_chains[table][chain])):
-                rule = all_chains[table][chain][i]
+
+
+
+            for i, rule in enumerate(all_chains[table][chain]['rules']):
                 tmp_body += '\n<tr><td port="{}"{}>{}</td></tr>'.format(get_port_name(i), get_rule_attributes(port_ranges, rule), escape_xml( rule["rule_body"] ))
             tmp_body += '<tr><td port="end" bgcolor="{}">end</td></tr>'.format(colors['user_chain'][1])
             tmp_body += '</table>>];'
@@ -165,13 +218,38 @@ def create_output(all_chains):
 
     for table in all_chains:
         for chain in all_chains[table]:
-            for i in range(len(all_chains[table][chain])):
-                rule = all_chains[table][chain][i]
+            for i, rule in enumerate(all_chains[table][chain]['rules']):
                 if rule['target']:
                     source_node = get_node_name(table, chain) + ':' + get_port_name(i)
-                    target_node = get_node_name(table, rule['target']) + ':begin'
+                    if rule['target']['type'] in ['-j' , '--jump']:
+                        all_chains[table][rule['target']['chain']]['jump_to_list'].append(source_node)
+                    elif rule['target']['type'] in ['-g' , '--goto']:
+                        if chain not in all_chains[table][chain]['goto_list']:
+                            all_chains[table][rule['target']['chain']]['goto_list'].append(chain)
+
+    for table in all_chains:
+        for chain in all_chains[table]:
+            for i, rule in enumerate(all_chains[table][chain]['rules']):
+                if rule['target']:
+                    source_node = get_node_name(table, chain) + ':' + get_port_name(i)
+
+                    if rule['target']['type'] in ['SPECIAL']:
+                        if rule['target']['chain'] in ['RETURN']:
+                            output += create_goto_backref(all_chains[table], chain, source_node, 'return_link')
+                        continue
+                    target_node = get_node_name(table, rule['target']['chain']) + ':begin'
                     output += '{} -> {} [color="{}"]\n'.format(source_node, target_node, colors['norm_link'])
 
+                    #
+                    # Create return links.
+                    #
+                    if test_chain_return(all_chains[table], rule['target']['chain'], True):
+                        target_node = get_node_name(table, rule['target']['chain']) + ':end'
+                        if rule['target']['type'] in ['-j' , '--jump']:
+                            output += '{} -> {} [color="{}"]\n'.format(target_node, source_node, colors['jump_return_link'])
+                        elif rule['target']['type'] in ['-g' , '--goto']:
+                            output += create_goto_backref(all_chains[table], chain, target_node, 'goto_return_link')
+
     def default_chain_link(src_table_name, src_chain_name, dst_table_name, dst_chain_name):
         source_node = get_node_name(src_table_name, src_chain_name) + ':end'
         target_node = get_node_name(dst_table_name, dst_chain_name) + ':begin'

From 96c0c273a9f7b84d1f98801b3f0710830dcc7284 Mon Sep 17 00:00:00 2001
From: dethophes <dethophes@users.noreply.github.com>
Date: Sun, 29 Oct 2023 20:04:04 +0000
Subject: [PATCH 9/9] fix typo in range calculation.

---
 iptables-graph | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/iptables-graph b/iptables-graph
index e23854e..d0bcdfc 100755
--- a/iptables-graph
+++ b/iptables-graph
@@ -106,7 +106,7 @@ def expand_port_range(port_range):
         if len(r) == 2:
             prange += range(int(r[0]), int(r[1]) + 1)
         else:
-            prange = [  int(r[0])  ]
+            prange += [  int(r[0])  ]
     return prange
 
 def test_port_range_in_port_range(a, b):