
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 123
#a# accept ignore deny ports
#i# cluster
#n# http
#t# clients
#v# ports 80
#
#   |--------------------------------------------------------------------|
#d# The 'accept' option opens access to your http port(s) for these hosts
#d# and/or networks. If you have a web server on your firewall, you'll 
#d# probably want to use 'any/0'. The 'ports' option allows you to change
#d# and/or add other ports than the default 80.
#d#
#d# You might want anyone to connect to your web server, but you'd like to
#d# exclude a few hosts/networks. They could have tried to attack this 
#d# service, shouldn't know about it, etc. Use the 'ignore' and/or 'deny' 
#d# options. The 'deny' option will log every failed packet, where-as the 
#d# 'ignore' option will not log anything.
#d#
#d# Example:
#d#   accept-eth1-http-clients = any/0
#d#     deny-eth1-http-clients = 207.253.78.0/24
#d#
#d# This will let anyone connect to your web server, except hosts in the 
#d# 207.253.78.* network.
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

for action in ignore deny accept
do
	for host in `Option_Value $action $INTOPT http clients`
	do
		for port in `Option_Value ports $INTOPT http clients`
		do
			Hostports $action local tcp "HTTP" $host $port
		done
	done
done
unset action host port

