+ if [ "${MASQUERADE_BLUE}" = "off" ]; then
+ NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${BLUE_NETADDRESS}/${BLUE_NETMASK}"
+ fi
+
+ if [ "${MASQUERADE_ORANGE}" = "off" ]; then
+ NO_MASQ_NETWORKS="${NO_MASQ_NETWORKS} ${ORANGE_NETADDRESS}/${ORANGE_NETMASK}"
+ fi
+
+ local network
+ for network in ${NO_MASQ_NETWORKS}; do
+ iptables -t nat -A REDNAT -s "${network}" -o "${IFACE}" -j RETURN
+ done
+
+ # Masquerade everything else
+ iptables -t nat -A REDNAT -o $IFACE -j MASQUERADE
+ fi
+
+ # Reload all rules.
+ /usr/local/bin/firewallctrl
+}
+
+iptables_red_down() {
+ # Prohibit packets to reach the masquerading rule
+ # while the wan interface is down - this is required to
+ # circumvent udp related NAT issues
+ # http://forum.ipfire.org/index.php?topic=11127.0
+ if [ -n "${IFACE}" ]; then
+ iptables -F REDFORWARD
+ iptables -A REDFORWARD -o "${IFACE}" -j DROP