#!/bin/bash


. /ips/setup/.config
. /ips/ip2/.functions

DIR=/ips

echo "#   lans"

# Hand one DROP rule per device to rulei: first for OURDEV, then for every
# entry of LANDEV. With QOS_BRIDGE=1 the device is matched through the physdev
# module (--physdev-in); otherwise through the plain -i input-interface match.
#
# NOTE(review): rulei is defined in /ips/ip2/.functions and is not visible
# here; presumably it installs the rule text and prints the outcome after the
# "denying from ... : " prefix - confirm.
# NOTE(review): these DROPs are submitted before the per-host ACCEPT rules
# further down; the ACCEPTs only take effect if rulei places later rules above
# earlier ones - confirm the resulting chain order.
# NOTE(review): an empty OURDEV produces a rule without a device name; confirm
# rulei reports that failure, otherwise the deny rule is silently missing.
case "$QOS_BRIDGE" in
  1)
    printf '%s' "denying from ${OURDEV} : "
    # Disabled alternative kept from the original:
    #COM="INPUT -s $OURNET -m mark ! --mark 0 -j DROP"
    COM="INPUT -m physdev --physdev-in ${OURDEV} -j DROP"
    rulei "${COM}"

    # LANDEV is a whitespace-separated list; word splitting is intentional.
    for DEV in $LANDEV; do
      printf '%s' "denying from ${DEV} : "
      COM="INPUT -m physdev --physdev-in ${DEV} -j DROP"
      rulei "${COM}"
    done
    ;;
  *)
    # Drop everything arriving on the internal interfaces.
    printf '%s' "denying from ${OURDEV} : "
    COM="INPUT -i ${OURDEV} -j DROP"
    rulei "${COM}"

    # LANDEV is a whitespace-separated list; word splitting is intentional.
    for DEV in $LANDEV; do
      printf '%s' "denying from ${DEV} : "
      COM="INPUT -i ${DEV} -j DROP"
      rulei "${COM}"
    done
    ;;
esac

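echo "#   comps"
# 2008
# Hand one ACCEPT rule per registered host to rulei. A host is accepted only
# when the marker file /ips/lan/<number> exists; its source address is either
# the alias IP in ALIIP or SUBNET followed by the number.
#
# NOTE(review): the ACCEPT is keyed on the source address alone, which any
# host on the same segment can claim; if LAN hosts are not mutually trusted,
# bind the address to a MAC or port elsewhere in the rule set.
# NOTE(review): rulei and maybeali are defined in /ips/ip2/.functions and are
# not visible here.
for MA in $ALL; do  # ALL is a whitespace-separated list; splitting is intentional

  # Skip the entry equal to ADR (presumably this machine's own number - confirm).
  if [ "$ADR" = "$MA" ]; then
    continue
  fi

  i="${SUBNET}${MA}"

  # NOTE(review): maybeali presumably sets ALIIP when the entry has an alias
  # IP; confirm it also clears ALIIP otherwise, or a stale alias from the
  # previous iteration would be accepted for this entry.
  maybeali "$MA"

  if [ -n "$ALIIP" ]; then
    # Numbers above 254 are allowed when the entry has an alias IP.
    i="$ALIIP"
  else
    # Without an alias the number must fit in the last octet.
    Z=$(( MA > 254 ))
    if [ "$Z" = "1" ]; then
      continue
    fi
    # Entries with a c-<number> or s-<number> marker in /ips/gro are skipped
    # (the original comment calls them "class").
    if [ -f "/ips/gro/c-$MA" ]; then
      continue
    fi
    if [ -f "/ips/gro/s-$MA" ]; then
      continue
    fi
  fi

  # Only hosts with a marker file in /ips/lan get an ACCEPT rule.
  if [ ! -f "/ips/lan/$MA" ]; then
    continue
  fi

  printf '%s' "accepting from $i : "
  COM="INPUT -s $i -j ACCEPT"
  rulei "$COM"

done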




