{
    my $policy = $DialupConnWeekend;

    $OUT .= "\n";
    $OUT .= "#------------------------------------------------------------\n";
    $OUT .= "# Use \"$policy\" connect policy during the weekend\n";
    $OUT .= "#------------------------------------------------------------\n";
    $OUT .= "\n";
    $OUT .= "restrict * * 0,6 * *\n";
    $OUT .= "\n";

    if ($policy eq 'continuous')
    {
	$OUT .= "up\n";
    }
    elsif ($policy eq 'never')
    {
	$OUT .= "down\n";
    }
    else
    {

	#--------------------------------------------------
        # "short" policy: HTTP transfers get 3 minutes,
	# everything else gets 30 seconds.
	#--------------------------------------------------

	my $httpHold  = 180;
	my $otherHold = 30;

	if ($policy eq 'medium')
	{
	    #--------------------------------------------------
	    # "medium" policy: HTTP transfers get 10 minutes,
	    # everything else gets 5 minutes.
	    #--------------------------------------------------

	    $httpHold  = 600;
	    $otherHold = 300;
	}
	elsif ($policy eq 'long')
	{
	    #--------------------------------------------------
	    # "long" policy: HTTP transfers get 20 minutes,
	    # everything else gets 10 minutes.
	    #--------------------------------------------------

	    $httpHold  = 1200;
	    $otherHold = 600;
	}

        #------------------------
        # Rules for TCP packets.
        #------------------------
        
	# If we force the line up (for example to trigger fetchmail)
	# but no packets are sent, specify how long to hold the line
	# up:

        $OUT .= "first-packet-timeout $otherHold\n";

        # The first rule is designed to give the link 30 seconds up time
        # when we are initiating a TCP connection.  The idea here is to deal
        # with possibility that the network on the opposite end of the
        # connection is unreachable.  In this case you don't really want to
        # give the link 10 minutes up time. With the rule below we only give
        # the link 30 seconds initially.  If the network is reachable then
        # we will normally get a response that actually contains some data
        # within 30 seconds.  If this causes problems because you have a
        # slow response time at some site you want to regularly access, you
        # can either increase the timeout or remove this rule.
        
        $OUT .= "accept tcp 30 tcp.syn\n";

        # If you are running named, then it will send data across the link
        # periodically to synchronize against other domain name servers.
        # Since this can happen at any time, it is undesirable to keep the
        # link up for it. Therefore, we ignore any tcp traffic from or to a
        # domain name server.
        
        $OUT .= "ignore tcp tcp.dest=tcp.domain\n";
        $OUT .= "ignore tcp tcp.source=tcp.domain\n";
        
        # Normally the packet that starts a connection is longer that 40
        # bytes, since it normally contains TCP options to specify the MSS.
        # However, some TCP implementations don't include these options.
        # Therefore, we must be careful not to ignore SYN packets that are
        # only 40 bytes long.

        $OUT .= "accept tcp 30 ip.tot_len=40,tcp.syn\n";

        # Otherwise, we want to ignore any TCP packet that is only 40 bytes
        # long, since it is not carrying any data. However, we don't want to
        # ignore 40 byte packets that mark the closing of a connection,
        # since we use those to cut short the timeout on connections that
        # have died.  Therefore we must test the tcp.live flag here. If it
        # is not set we might want to see this packet later on in the rules.

        $OUT .= "ignore tcp ip.tot_len=40,tcp.live\n";

        # Make sure http transfers hold the link up, even after they end.
        # This prevents web browsers from bouncing the connection too much.

        $OUT .= "accept tcp $httpHold tcp.dest=tcp.www\n";
        $OUT .= "accept tcp $httpHold tcp.source=tcp.www\n";

	if ($SquidParent)
	{
	    $OUT .= "accept tcp $httpHold tcp.dest=tcp.wwwproxy\n";
	    $OUT .= "accept tcp $httpHold tcp.source=tcp.wwwproxy\n";
	}

        # Once the link is no longer live, we try to shut down the
        # connection quickly. Note that if the link is already down, the
        # closing of the a connection (which will generate traffic) will not
        # bring it back up.
        
        $OUT .= "keepup tcp $otherHold !tcp.live\n";
        $OUT .= "ignore tcp !tcp.live\n";

        # Finally, if we don't match the TCP packet somewhere above, then we
        # give the link 10 minutes up time. Most TCP packets match this
        # rule. Note that as soon as the TCP connection is closed, the keepup
	# rule above overwrites the timeout.

        $OUT .= "accept tcp 600 any\n";
        
        #-----------------------
        # Rules for UDP packets
        #-----------------------
        
        # Don't bring the link up for rwho:
        
        $OUT .= "ignore udp udp.dest=udp.who\n";
        $OUT .= "ignore udp udp.source=udp.who\n";
        
        # Don't bring the link up for routing packets:
        
        $OUT .= "ignore udp udp.dest=udp.route\n";
        $OUT .= "ignore udp udp.source=udp.route\n";
        
        # Don't bring the link up for NTP or timed:
        
        $OUT .= "ignore udp udp.dest=udp.ntp\n";
        $OUT .= "ignore udp udp.source=udp.ntp\n";
        $OUT .= "ignore udp udp.dest=udp.timed\n";
        $OUT .= "ignore udp udp.source=udp.timed\n";
        
        # Don't bring up on domain name requests between
	# two running copies of named:
        
        $OUT .= "ignore udp udp.dest=udp.domain,udp.source=udp.domain\n";
        
        # Bring up the network for domain requests:
        
        $OUT .= "accept udp 30 udp.dest=udp.domain \n";
        $OUT .= "accept udp 30 udp.source=udp.domain\n";
        
        # Bring up the network for netbios requests,
	# except between netbios servers:
        
        $OUT .= "ignore udp udp.source=udp.netbios-ns,udp.dest=udp.netbios-ns\n";
        $OUT .= "accept udp 30 udp.dest=udp.netbios-ns\n";
        $OUT .= "accept udp 30 udp.source=udp.netbios-ns\n";
        
        # Any other UDP packets:
        
        $OUT .= "accept udp $otherHold any\n";
        
        # Catch any packets that we didn't catch above:
        
        $OUT .= "accept any $otherHold any\n";
    }
}
