
#-----------------------------------------------------------------------
# Copyright (C) 2000-2001, Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#-----------------------------------------------------------------------
# $Id: 095-DMZ-NETWORKS,v 1.6 2001/08/11 17:01:21 jsmoriss Exp $
#-----------------------------------------------------------------------
# README
#-----------------------------------------------------------------------
#
# Accept DMZ network addresses after BLACKLIST hosts
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

# Virtual and Cluster interfaces are excluded as only the physical
# interface needs these rules.
# These rules are only NEEDED for PUBLIC Interfaces !
#
if [ "$DMZ_INTERFACES" -a "$VIRTUAL" = "no" -a ! "$CLUSTER_NAME" -a \
	"`Match_Interface PUBLIC $INTOPT`" ]
then
	echo "Accept $INTOPT <-> DMZ Networks $LOG_MSG"

	ipchains -A $INCHAIN  -j dmzi $LOG
	ipchains -A $OUTCHAIN -j dmzo $LOG
fi

