DEV_DMZ=br1_101
DEV_VOIP=eth2.2
DEV_WIFI=eth2.3
DEV_KVPN=eth2.4
DEV_SVPN=eth2.5

RULE_gen_base_WSC=(
    "${RULE_gen_NS_WSC[@]}"
    "192.168.0.142	tcp     3128"
    "192.168.0.138	udp	  88"			# krb5 auth
    "192.168.0.138	tcp	 754"			# krb5 kprop
    "192.168.0.157	udp	  88"			# krb5 auth
    "192.168.0.157	udp	 464"			# krb5 passwd
    "192.168.0.157	tcp	 749"			# krb5 admin
    "$HOST_LDAP_M	tcp	 389"			# ldap
    "$HOST_LDAP_M	tcp	 636"			# ldap
...
)

RULE_VIRT_int=(
  "${RULE_gen_base_WSC[@]}"
  "192.168.0.84		tcp	  22"		# ssh apadana (backup)
  "192.168.0.177	tcp	  22"		# ssh backup-c-1
  "192.168.0.180	tcp	  22"		# ssh backup-c-2
  "192.168.0.129	udp	  69"		# tftp
)

RULE_VPNRW_int=(
    "${RULE_gen_base_WSC[@]}"

    "-g fwdLOGIN 192.168.0.0/22	tcp	  22"		# SSH
    "-g fwdLOGIN 192.168.0.0/22	tcp	3389"		# RDP

    "${VPNRW_RULES[@]}"
)

addChain fwd-VPNRW-int
    add-dst-vec "${RULE_VPNRW_int[@]}"
    add -j .lreject


addChain fwd-VIRT-int
    add-dst-vec "${RULE_VIRT_int[@]}"
    add -j .ldrop


addChain f-VPNRW-xxx
    add -o "$DEV_WS"		-j fwd-VPNRW-int
    add -o "$DEV_VOIP"		-j fwd-VPNRW-int
    add -o "$DEV_WPA"		-j fwd-VPNRW-int
    ...
    add -o "$DEV_DMZ"		-j fwd-VPNRW-DMZ


selectChain FORWARD
    setPolicy   DROP
    ...
    add -i "$DEV_WS"			-j f-WS-xxx
    add -i "$DEV_DMZ"			-j f-DMZ-xxx
    add -i "$DEV_VOIP"			-j f-VOIP-xxx