
#-----------------------------------------------------------------------
# Copyright (C) 2000-2001, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#-----------------------------------------------------------------------
# $Id: 090-PRIVATE-NETWORKS,v 1.5 2001/08/11 17:01:21 jsmoriss Exp $
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
#
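# Private network addresses need to be blocked AFTER the DHCP client
# rules and BEFORE any service rules that use the "any/0" wildcard.
# Rules are matched in order, so a wildcard rule placed earlier would
# accept packets from private addresses before they are blocked here.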
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

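# Do NOT filter out private IPs on DMZ *interfaces*: that would stop
# LAN traffic from reaching DMZ servers. Virtual interfaces are also
# excluded since they're not routed in the first place. :-)
#
# The rules below are added only when all three conditions hold:
#   - $VIRTUAL is exactly "no",
#   - $CLUSTER_NAME is empty or unset,
#   - Match_Interface prints nothing for "DMZ $INTERFACE".
# Each condition is its own test joined with &&, because the "-a"
# operator of test is obsolescent and can be mis-parsed when an operand
# looks like an operator. Match_Interface is only invoked when the
# first two tests pass.
#
if [ "$VIRTUAL" = "no" ] && [ -z "$CLUSTER_NAME" ] &&
	[ -z "$(Match_Interface DMZ "$INTERFACE")" ]
then
	echo "Deny/Reject $INTERFACE <-> Private Networks (logged)"

	# prii / prio are presumably the user-defined chains holding the
	# private-address rules for inbound / outbound traffic; they are
	# not defined in this module -- confirm they exist before it runs.
	#
	# $LOG is deliberately left unquoted so that an empty value adds no
	# argument to the command line.
	# NOTE(review): if $LOG expands to ipchains' -l, the flag applies to
	# this jump rule, which has no match criteria, so every packet that
	# reaches it is logged -- confirm that is the intended log volume.
	#
	# A failed insert would leave the interface without private-network
	# filtering while the message above claims otherwise, so report it.
	ipchains -A "$INCHAIN" -j prii $LOG ||
		echo "WARNING: could not add private-network rule to $INCHAIN; $INTERFACE inbound is NOT filtered" >&2
	ipchains -A "$OUTCHAIN" -j prio $LOG ||
		echo "WARNING: could not add private-network rule to $OUTCHAIN; $INTERFACE outbound is NOT filtered" >&2
fi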

