#!/bin/sh
#
# ipmasq	Set up IP Masquerading for Debian systems
#
#		v2.0 19-November-1997

##########
# Incoming Rules

# local interface, local machines, going anywhere is valid
/sbin/ipfwadm -I -a accept -V $3 -S $3/$4

# remote interface, claiming to be local machines, IP spoofing, get lost
/sbin/ipfwadm -I -a deny -V $1 -S $3/$4 -o

# remote interface, any source, going to external address is valid
/sbin/ipfwadm -I -a accept -V $1 -D $1/32

# loopback interface is valid.
/sbin/ipfwadm -I -a accept -W lo

##########
# Outgoing Rules

# local interface, any source going to local net is valid
/sbin/ipfwadm -O -a accept -V $3 -D $3/$4

# outgoing to local net on remote interface, stuffed routing, deny
/sbin/ipfwadm -O -a deny -V $1 -D $3/$4 -o

# anything else outgoing on remote interface is valid
/sbin/ipfwadm -O -a accept -V $1 -S $1/$2

# loopback interface is valid.
/sbin/ipfwadm -O -a accept -W lo

##########
# Masquerading Rules

# Masquerade from local net on local interface to anywhere.
/sbin/ipfwadm -F -a masquerade -V $1 -S $3/$4

##########
# End of ipmasq

