diff --git a/expose_forwards.ps1 b/expose_forwards.ps1
index 0dd9ff0..3b79a69 100644
--- a/expose_forwards.ps1
+++ b/expose_forwards.ps1
@@ -52,11 +52,40 @@ function Test-IptablesRule {
 Write-Output ($check.ExitCode -eq 0)
 }
+function Add-IptablesRule {
+ param (
+ [string]$Chain,
+ [string]$Table = 'nat',
+ [array]$Rule
+ )
+
+ $argument_list = @(
+ '-t'
+ $Table
+ '-A'
+ $Chain
+ )+$Rule
+
+ $add_splat = @{
+ FilePath = 'iptables'
+ ArgumentList = $argument_list
+ Wait = $true
+ PassThru = $true
+ }
+
+ if(-not (Test-IptablesRule -Chain $Chain -Rule $Rule)) {
+ $add = Start-Process @add_splat
+ if(0 -ne $add.ExitCode) {
+ Write-Error 'Adding iptables rule failed'
+ }
+ }
+}
 # setup SWARM-NAT chain
 $chain = 'SWARM-NAT'
 Write-Output ('Create chain {0}' -f $chain)
 Add-IptablesChain -Chain $chain
+Add-IptablesRule -Chain 'PREROUTING' -Rule '-m','addrtype','--dst-type','LOCAL','-j',$chain
 foreach($yaml in (Get-ChildItem -Filter '*.yml')) {
@@ -116,11 +145,6 @@ foreach($yaml in (Get-ChildItem -Filter '*.yml')) {
 #TODO: port from bash
-chain_rule='-m addrtype --dst-type LOCAL -j SWARM-NAT'
-if ! iptables -t nat -C PREROUTING $chain_rule; then
- Write-Output 'Add jump rule for SWARM-NAT'
- iptables -t nat -A PREROUTING $chain_rule
-fi
 bridge=$(
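Review bot: The existence check in the new Add-IptablesRule calls `Test-IptablesRule -Chain $Chain -Rule $Rule` without the `$Table` that the append then passes to `-t`, so for any table other than the default the check and the add may look at different tables and the rule could be duplicated or skipped. Test-IptablesRule is defined above the hunk, so whether it accepts a table parameter is not visible here; if it does, forward it with `if(-not (Test-IptablesRule -Chain $Chain -Table $Table -Rule $Rule)) {`. Separately, `Write-Error` is non-terminating unless `$ErrorActionPreference` is set to Stop elsewhere, so a failed add of the PREROUTING jump would presumably let the script carry on filling SWARM-NAT with rules that no packet reaches. Consider failing hard and naming what failed, e.g. `throw ('iptables -t {0} -A {1} failed with exit code {2}' -f $Table, $Chain, $add.ExitCode)`.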