+ # Access from GREEN is granted to everywhere
+ if [ "${IFACE}" = "${GREEN_DEV}" ]; then
+ # internet via green
+ # don't check source IP/NET if IFACE is GREEN
+ iptables -A POLICYFWD -i "${GREEN_DEV}" -j ACCEPT
+ else
+ iptables -A POLICYFWD -i "${GREEN_DEV}" -s "${GREEN_NETADDRESS}/${GREEN_NETMASK}" -j ACCEPT
+ fi
+
+ # Grant access for IPsec VPN connections
+ iptables -A POLICYFWD -m policy --pol ipsec --dir in -j ACCEPT
+
+ # Grant access for OpenVPN connections
+ iptables -A POLICYFWD -i tun+ -j ACCEPT
+