
#--------------------------------------------------------------------------
#
# Connection access. This controls access to ALL the request types. If
# a host does not match one of these rules it will be denied access,
# regardless of ANY of the other rules above.
#
#--------------------------------------------------------------------------

# Allow connections from the localhost
ACCEPT SERVICE=X REMOTEIP=127.0.0.1

# Allow connections from subnets in our control
{
    use esmith::NetworksDB;

    my $ndb = esmith::NetworksDB->open_ro();

    my $prefix = "ACCEPT SERVICE=X REMOTEIP=";

    my ($network, undef) =
	esmith::util::computeNetworkAndBroadcast($LocalIP, $LocalNetmask);

    my $result = $prefix . "${network}/${LocalNetmask}";

    foreach my $net ($ndb->get_all_by_prop(type=>'network'))
    {
	my $key = $net->key;
	my %properties = $net->props;
	$result .= "\n" . $prefix . "${key}/$properties{'Mask'}";
    }

    return $result;
}

# Reject all other connections
REJECT SERVICE=X
