{
    $OUT = '';

    # Create new chain to manage TransProxy stuff
    # Note: We send all traffic destined to port 80, regardless of
    # where it's from, since the filter table will worry about source.
    $OUT .= "    /sbin/iptables --table nat --new-chain TransProxy\n";
    $OUT .= "    /sbin/iptables --table nat --append PREROUTING\\\n";
    $OUT .= "\t-p tcp --dport 80 -j TransProxy\n";

    # Accept any accesses to the local IPs directly

    $OUT .= "    /sbin/iptables --table nat --append TransProxy \\\n";
    $OUT .= "\t--destination 127.0.0.1 --jump ACCEPT\n";
    $OUT .= "    /sbin/iptables --table nat --append TransProxy \\\n";
    $OUT .= "\t--destination $LocalIP --jump ACCEPT\n";

    if (defined $ExternalIP) {
        # Accept any accesses to the ExternalIP directly
        $OUT .= "    /sbin/iptables --table nat --append TransProxy \\\n";
        $OUT .= "\t--destination \$OUTERNET --jump ACCEPT\n";
    }

    my $transproxy = $squid{Transparent} || "yes";
    my $status = $squid{status} || "disabled";
    if ($transproxy eq "yes" && $status eq "enabled") {
        my $proxyport = $squid{TransparentPort} || "3128";

        # Otherwise, divert port 80 traffic through our proxy
        $OUT .= "    /sbin/iptables --table nat --append TransProxy\\\n";
        $OUT .= "\t-p TCP -j DNAT --to $LocalIP:$proxyport\n";
    } else {
        # Or just let it go unhindered
        $OUT .= "    /sbin/iptables --table nat --append TransProxy\\\n";
        $OUT .= "\t--jump ACCEPT\n";
    }
}
