blob: cad4d78560ada2cc5b1ab91cd39bdc2395015096 (
plain)
- # You should not edit this file. Instead, create a file with the same
- # name as this one, but with a .rul extension instead of .def. The
- # .rul file will override this one.
- #
- # However, any changes you make to this file will be preserved.
- #: Forward packets among internal and IPsec networks
- if [ -n "$IPSEC" ]; then
- for j in $IPSEC; do
- jj=$(echo $j | sed -e 's/\:/_/g')
- eval "CIDROFIPSEC=\$CIDROFIPSEC_$jj"
- for DESTCIDR in $CIDROFIPSEC; do
- for i in $INTERNAL; do
- if [ "$i" != "$j" ]; then
- ipnm_cache $i
- case $MASQMETHOD in
- ipfwadm)
- if [ -n "$PEEROFIF" ]; then
- $IPFWADM -F -a accept -S $PEEROFIF/$NMOFIF -D $DESTCIDR
- fi
- $IPFWADM -F -a accept -S $IPOFIF/$NMOFIF -D $DESTCIDR
- ;;
- ipchains)
- if [ -n "$PEEROFIF" ]; then
- $IPCHAINS --no-warnings -A forward -j ACCEPT -s $PEEROFIF/$NMOFIF -d $DESTCIDR
- fi
- $IPCHAINS --no-warnings -A forward -j ACCEPT -s $IPOFIF/$NMOFIF -d $DESTCIDR
- ;;
- netfilter)
- if [ -n "$PEEROFIF" ]; then
- $IPTABLES -A FORWARD -j ACCEPT -s $PEEROFIF/$NMOFIF -d $DESTCIDR
- fi
- $IPTABLES -A FORWARD -j ACCEPT -s $IPOFIF/$NMOFIF -d $DESTCIDR
- ;;
- esac
- fi
- done
- done
- done
- fi
|
