rule 'IN_ONLY --logical-in br-client -i bat0 -j RETURN'
rule 'IN_ONLY --logical-in br-client -i local-port -j RETURN'
rule 'IN_ONLY --logical-in br-client -j DROP'

rule 'OUT_ONLY --logical-out br-client -o bat0 -j RETURN'
rule 'OUT_ONLY --logical-out br-client -o local-port -j RETURN'
rule 'OUT_ONLY --logical-out br-client -j DROP'