# You should not edit this file.  Instead, create a file with the same
# name as this one, but with a .rul extension instead of .def.  The
# .rul file will override this one.
#
# However, any changes you make to this file will be preserved.

#: Forward packets among internal and IPsec networks
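# Allow forwarding from each internal interface's network (and from its
# point-to-point peer, when one is set) to every CIDR block reachable
# through each IPsec interface.
#
# Reads:  IPSEC, INTERNAL   - whitespace-separated interface lists
#         CIDROFIPSEC_<if>  - CIDR list for an IPsec interface, where <if>
#                             is the interface name with ':' replaced by '_'
#         MASQMETHOD        - ipfwadm | ipchains | netfilter
#         IPFWADM, IPCHAINS, IPTABLES - command for the selected backend
# Calls:  ipnm_cache <if>, then reads IPOFIF, NMOFIF and PEEROFIF
#         (presumably set by ipnm_cache; confirm against its definition).
#
# NOTE(review): the ACCEPT rules below match on source and destination
# address only; none of them restricts the input or output interface.
if [ -n "$IPSEC" ]; then
    # $IPSEC, $CIDROFIPSEC and $INTERNAL are left unquoted on purpose:
    # each is a whitespace-separated list that must be word-split.
    for j in $IPSEC; do
        jj=$(printf '%s\n' "$j" | sed -e 's/:/_/g')

        # The eval below pastes $jj into shell source.  Only ':' has been
        # rewritten, so refuse anything else that is not a legal character
        # in a variable name instead of letting eval interpret it.
        case $jj in
        ''|*[!A-Za-z0-9_]*)
            echo "IPsec forward rules: skipping interface '$j': name cannot be used in a variable name" >&2
            continue
            ;;
        esac

        # POSIX sh has no indirect expansion, hence the (now guarded) eval.
        eval "CIDROFIPSEC=\$CIDROFIPSEC_$jj"

        for DESTCIDR in $CIDROFIPSEC; do
            for i in $INTERNAL; do
                # An interface listed in both IPSEC and INTERNAL is not
                # forwarded to itself.
                if [ "$i" != "$j" ]; then
                    ipnm_cache "$i"
                    case $MASQMETHOD in
                    ipfwadm)
                        if [ -n "$PEEROFIF" ]; then
                            $IPFWADM -F -a accept -S "$PEEROFIF/$NMOFIF" -D "$DESTCIDR"
                        fi
                        $IPFWADM -F -a accept -S "$IPOFIF/$NMOFIF" -D "$DESTCIDR"
                        ;;
                    ipchains)
                        if [ -n "$PEEROFIF" ]; then
                            $IPCHAINS --no-warnings -A forward -j ACCEPT -s "$PEEROFIF/$NMOFIF" -d "$DESTCIDR"
                        fi
                        $IPCHAINS --no-warnings -A forward -j ACCEPT -s "$IPOFIF/$NMOFIF" -d "$DESTCIDR"
                        ;;
                    netfilter)
                        if [ -n "$PEEROFIF" ]; then
                            $IPTABLES -A FORWARD -j ACCEPT -s "$PEEROFIF/$NMOFIF" -d "$DESTCIDR"
                        fi
                        $IPTABLES -A FORWARD -j ACCEPT -s "$IPOFIF/$NMOFIF" -d "$DESTCIDR"
                        ;;
                    esac
                fi
            done
        done
    done
fi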