# based on /etc/e-smith/templates/etc/rc.d/init.d/masq/55AllowGRE

{
    my $ipsec_status = $ipsec{status} || '';

#    print "Ipsec Information - 56AllowESP - $ipsec_status\n";

    if ( $ipsec_status eq 'enabled' ) {
        $OUT .= "    /sbin/iptables --new-chain esp-in\n";
        $OUT .= "    /sbin/iptables --append INPUT -p ESP -j esp-in\n";
        $OUT .= "    /sbin/iptables --append INPUT -p ESP -j denylog\n";
        $OUT .= "    /sbin/iptables --append esp-in \! -d \$OUTERNET -j denylog\n";
        $OUT .= "    /sbin/iptables --append esp-in -j denylog\n";
    }
    else {
        $OUT .= " # 56AllowESP disabled\n";
    }
}
