# Forwarding Rules
# Use this file to set up network address translation rules
# Use tabs or single space to separate
#
# <action> <src-interface> <src-address> <dst-interface> <dst-address> <bidirectional> <src-port> <dst-port> <protocol> <syn> <state> <custom>
#
# Action: Required ( ACCEPT | DROP )
# Source Interface: Optional ( interface name, aka eth0 )
# Source Address: Optional ( IP address with optional netmask )
# Destination Interface: Optional ( interface name, aka eth0 )
# Destination Address: Optional ( IP address with optional netmask )
# Bidirectional: Optional ( yes | no, defaults to no if '-' )
#
# The next set can be safely left off the end if not desired
# Source Port: Optional ( source port number, or range 1:65535 )
# Destination Port: Optional ( destination port number, or range 1:65535 )
# Protocol:	Optional, required if port numbers specified ( tcp | udp )
# Syn: Optional, only match (not) syn packets (syn | notsyn )
# State: Optional, set the connection tracking states ( comma separated list )
# Custom: Optional, set custom section after the source/dest and before ACCEPT/DROP
#
# You can use '-' for optional fields
#============================================================
#<action> <src-interface> <src-address> <dst-interface> <dst-address> <bidirectional> <src-port> <dst-port> <protocol> <syn> <state> <custom>
#ACCEPT eth0 - eth1 - yes
#DROP eth1 192.168.2.0/24 eth0 0/0 no
#DROP eth0 - eth1 192.168.0.0/24 no - 1:1024 tcp syn NEW
#ACCEPT eth1 - eth0 - no - - udp - NEW,ESTABLISHED,RELATED
#IN ACCEPT eth0 192.168.0.0/24 eth1 192.168.1.0/24 yes - - - - - -m policy --dir in --pol ipsec --proto esp