# You should not edit this file.  Instead, create a file with the same
# name as this one, but with a .rul extension instead of .def.  The
# .rul file will override this one.
#
# However, any changes you make to this file will be preserved.

# precompute ips and netmasks
if [ -n "$IPSEC" ]; then
    if [ "$SHOWRULES" = "yes" ]; then
	echo "#: IPSec interfaces found:"
    fi
    IPSECGW=""
    for i in $IPSEC; do
        ii=$(echo $i | sed -e 's/\:/_/g')
	igw=$(ipsec look | grep IPIP:.*src=$ip | sed 's/^\([^[:blank:]]*\).*/\1/')
	cidrcollect=""
	for ipsecgw in $igw; do
	    cidr=$(ipsec look | grep "=> $ipsecgw" | sed 's/^\([^[:blank:]]*\).*/\1/')
	    cidrcollect="$cidrcollect $cidr"
	done
	eval "CIDROFIPSEC_${ii}=\"$cidrcollect\""
        if [ "$SHOWRULES" = "yes" ]; then
            /bin/echo -e "#:   $i\t$ip/$nm\t$cidrcollect"
        fi
    done
fi