{
    # Update any rules which may have changed, meaning
    # - $ExternalIP
    # - enabled/disabled
    # - Transproxy port (unlikely)
    my $rule = 3;
    if (defined $ExternalIP)
    {
	# Accept any accesses to the ExternalIP directly
	$OUT .= "    /sbin/iptables --table nat \\\n";
	$OUT .= "\t--replace TransProxy $rule\\\n";
	$OUT .= "\t--destination \$OUTERNET --jump ACCEPT\n";
	$rule++;
    }
    my $transproxy = $squid{Transparent} || "yes";
    my $status = $squid{status} || "disabled";
    if ($transproxy eq "yes" && $status eq "enabled")
    {
	##my $proxyport = $squid{TransparentPort} || "3128";
	my $proxyport = $squid{InterceptPort} || "8080";

	# Otherwise, divert port 80 traffic through our proxy
	$OUT .= "    /sbin/iptables --table nat --replace TransProxy $rule\\\n";
	$OUT .= "\t-p TCP -j DNAT --to $LocalIP:$proxyport\n";
    }
    else
    {
	# Or just let it go unhindered
	$OUT .= "    /sbin/iptables --table nat --replace TransProxy $rule\\\n";
	$OUT .= "\t--jump ACCEPT\n";
    }
}
