#----------------------------------------------------------------------------
# /etc/rc.d/fwrules.pre050.portfw
#
# Creation:     2007-02-19 jw5
# Last Update:  $Id: fwrules.pre050.portfw 12739 2007-02-18 10:46:54Z gdw $
#----------------------------------------------------------------------------

pf_fwd_portfw_default () {
    add_rule filter FORWARD 'state:NEW PORTFWACCESS' PF_FORWARD_ACCEPT_DEF
}

#
# redirection chains
#
add_nat_chain PORTFW
add_nat_chain PORTFW_DYN
add_nat_chain PORTFW_STAT
add_rule nat PREROUTING 'PORTFW'

#
# access chains
#
add_chain PORTFWACCESS
add_chain PORTREDIRACCESS

case $PF_FORWARD_ACCEPT_DEF in
    yes)
        pf_fwd_add_default pf_fwd_portfw_default
        ;;
    no)
        [ 0$PF_FORWARD_N -eq 0 ] || for idx in `seq 1 $PF_FORWARD_N`
        do
            var=PF_FORWARD_$idx
            eval rule=\$$var
            case "$rule" in
                pfwaccess-chain)
                    eval $var="'state:NEW PORTFWACCESS'"
                    break
                ;;
            esac
        done
    ;;
esac


pf_in_portredir_default () {
    add_rule filter INPUT 'state:NEW PORTREDIRACCESS' PF_INPUT_ACCEPT_DEF
}

case $PF_INPUT_ACCEPT_DEF in
    yes)
        pf_in_add_default pf_in_portredir_default
        ;;
    no)
        [ 0$PF_INPUT_N -eq 0 ] || for idx in `seq 1 $PF_INPUT_N`
        do
            var=PF_INPUT_$idx
            eval rule=\$$var
            case "$rule" in
                redir-access-chain)
                    eval $var="'state:NEW PORTREDIRACCESS'"
                    break
                ;;
            esac
        done
    ;;
esac