#!/bin/sh

# Forwarding, flush and set default policy of deny. Actually the default policy
# is irrelevant because there is a catch all rule with deny and log.
$FW -F -f
$FW -F -p deny

# checking variables.
if [ "$VERBOSE" != "" ] ; then
 for vars_list in $M1 $M2 $M4 $M8 $M10 $M25 $HOST_MASK $ANY_NET $ANY_MASK $HOMEPPP $FREEPPP $CHIEFPPP $SHARED
  do
   echo -ne "$vars_list\n"
  if [ "$vars_list" = "" ] ; then 
   echo "There's unset variable!" 
  fi
done
fi

# Masquerade from local net on local interface to anywhere.
for mashine in $M1 $M2 $M4 $M8 $M10 $M25
do
$FW -F -a masquerade -W ppp0 -S $mashine/$HOST_MASK -D $ANY_NET/$ANY_MASK
done

# this is for slip/ppp client.
for iface in ppp0 ppp1 
do
 for mashine in $HOMEPPP $FREEPPP $CHIEFPPP $SHARED
  do
   $FW -F -a masquerade -W ppp0 -S $mashine/$HOST_MASK -D $ANY_NET/$ANY_MASK -o
  done
done

for client in $TESTPPP $EMAILONLY
do
# warning ! this cicle should be complitely reaudited!
 $FW -F -a masquerade -S $client/$HOST_MASK -D $IP_ETH0/$HOST_MASK -o
 $FW -F -a masquerade -S $client/$HOST_MASK -D $IP_PPP0/$HOST_MASK -o 
done

# catch all rule, all other forwarding is denied and logged.
$FW -F -a deny -S $ANY_NET/$ANY_MASK -D $ANY_NET/$ANY_MASK -o