filter
iptables -t filter -A{I, D} INPUT{OUTPUT, FORWARD} {n} -p tcp {!} -s 192.168.0.0/24 --sport m:n -- dport x:y -j ACCEPT{DROP, REJECT}
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -j ACCEPT
SNAT
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source 222.27.196.8
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j MASQUERADE