if [ "$SHOWRULES" = "yes" ]; then
    echo "Interfaces found:"
fi

# precompute ips and netmasks
if [ -n "$EXTERNAL" -o -n "$INTERNAL" -o -n "$IPSEC" ]; then
    for i in $EXTERNAL $INTERNAL $IPSEC; do
        ii=$(echo $i | sed -e 's/\:/_/g')
        ip=$(ipofif $i)
        nm=$(nmofif $i)
        peer=$(peerofif $i)
	bc=$(bcofif $i)
        eval "IPOFIF_$ii=$ip"
        eval "NMOFIF_$ii=$nm"
        eval "PEEROFIF_$ii=$peer"
	eval "BCOFIF_$ii=$bc"
        if [ "$SHOWRULES" = "yes" ]; then
            echo -e "  $i\t$ip/$nm"
        fi
    done
fi

# precompute ipsec connections
if [ -n "$IPSEC" ]; then
    if [ "$SHOWRULES" = "yes" ]; then
	echo "IPSec connections found:"
    fi
    IPSECCONN=""
    for i in $IPSEC; do
        ii=$(echo $i | sed -e 's/\:/_/g')
        eval "ip=\$IPOFIF_$ii"
        eval "nm=\$IPOFIF_$ii"
	igw=$(ipsec look | grep IPIP:.*src=$ip | sed 's/^\([^[:blank:]]*\).*/\1/')
	conncollect=""
	for ipsecgw in $igw; do
	    conn=$(ipsec look | grep "=> $ipsecgw" | sed 's/^.*=>[[:blank:]]*\([^@[:blank:]]*\).*/\1/')
	    conncollect="$conncollect $conn"
	    eval "IPSEC_IF_$conn=$i"
	    cidrleft=$(ipsec look | grep "=> $ipsecgw" | sed 's/^\([^[:blank:]]*\)[[:blank:]]*->[[:blank:]]*[^[:blank:]]*.*/\1/')
	    eval "IPSEC_HERE_$conn=$cidrleft"
	    cidrright=$(ipsec look | grep "=> $ipsecgw" | sed 's/^[^[:blank:]]*[[:blank:]]*->[[:blank:]]*\([^[:blank:]]*\).*/\1/')
	    eval "IPSEC_THERE_$conn=$cidrright"
	    eval "IPSEC_THERE_$conn=$cidrright"
	done
	IPSECCONN="$IPSECCONN $conncollect"
	eval "IPSECCONN_${ii}=\"$conncollect\""
        if [ "$SHOWRULES" = "yes" ]; then
            echo -e "  $i\t$ip/$nm"
	    for conn in $conncollect; do
		eval "IPSEC_HERE=\$IPSEC_HERE_$conn"
		eval "IPSEC_THERE=\$IPSEC_THERE_$conn"
		echo -e "    $IPSEC_HERE -> $IPSEC_THERE"
	    done
        fi
    done
fi