#-----------------------------------------------------------------------
# Copyright (C) 2000-2001, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#-----------------------------------------------------------------------
# $Id: 115-https-clients,v 1.3 2001/10/16 05:59:40 dholmes Exp $
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 123
#a# accept ignore deny
#i# cluster
#n# https
#t# clients
#
#   |--------------------------------------------------------------------|
#d# The accept option opens access to your port 443 (secure HTTP) for 
#d# these hosts/networks. If you have a secure (SSL) web server on your
#d# firewall, you'll probably want to use "any/0".
#d#
#d# You might want anyone to connect to your secure web server, but you'd
#d# like to exclude a few hosts and/or networks. They could have tried to
#d# attack this service, shouldn't know about it, etc. Use the ignore 
#d# and/or deny options. The deny option will log every failed packet, 
#d# where-as the ignore option will not log anything.
#d#
#d# Example:
#d#   accept-eth1-https-clients = any/0
#d#     deny-eth1-https-clients = 207.253.78.0/24
#d#
#d# This will let anyone connect to your HTTPS server, except hosts in the 
#d# 207.253.78.* network.
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

for action in ignore deny accept
do
	for host in `Option_Value $action $INTOPT https clients`
	do
		Hostports $action local tcp "HTTPS" $host https
	done
done
unset action host

