{
    # Update any rules which may have changed, meaning
    # - $ExternalIP

    my $rule = 3;
    if (defined $ExternalIP)
    {
	# Accept any accesses to the ExternalIP directly
	$OUT .= "    /sbin/iptables --table nat \\\n";
	$OUT .= "\t--replace SMTPProxy $rule\\\n";
	$OUT .= "\t--destination \$OUTERNET --jump ACCEPT\n";
	$rule++;
    }

    $OUT .= "    /sbin/iptables --flush SMTPProxy\n";

    if (${smtpd}{'Proxy'} eq 'transparent')
    {
	$OUT .= "    /sbin/iptables --table nat --replace SMTPProxy $rule\\\n";
	$OUT .= "\t-p TCP -j DNAT --to $LocalIP:25\n";
    }
    elsif (${smtpd}{'Proxy'} eq 'blocked')
    {
	# Replace it with nothing, but keep the rule entry as a placeholder
	# for each re-enabling.
	$OUT .= "    /sbin/iptables --table nat --replace SMTPProxy $rule\n";
	$OUT .= "    /sbin/iptables --append SMTPProxy\\\n";
	$OUT .= "\t-p tcp --dport 25 -i \$INTERNALIF -j denylog\n";
    }
    else
    {
	# Replace it with nothing, but keep the rule entry as a placeholder
	# for each re-enabling.
	$OUT .= "    /sbin/iptables --table nat --replace SMTPProxy $rule\n";
    }
}
