#/bin/sh
: ' vim:set ft=sh nowrap: '

: '140506 PeterG <pg_scr {at} scr.for.sabi.co.UK>'

if false
then
  for C in '/etc/env-SITE' '/etc/env-HULL' '/etc/env-NODE' \
    '/etc/site' '/etc/env' '/etc/bootenv'
  do test -r "$C" && . "$C"
  done
fi

: ${IP4_PROTO='2 41 47'}
: ${IP6_PROTO=''}

: '
  DFLNDV: default name of local network interface
  DFLNIP: default address of local network interface.

  DFEXDV: default name of external interface
  DFEXIP: default address of external interface.
'

# SITE wide networks
####################

case "$SITE" in

'sabity')
  PREF='192.168.1'
  PREF6='2001:06f8:0351:0184';;

'fonera')
  PREF='192.168.10';;

'rimu')
  PREF='207.210.242'
  PREF6='2002:cfd2:f2f1';;

'IPPP')
  PREF='129.234.186';;

'DURSG')
  PREF='129.234.193';;

'DLS-VIS')
  PREF='172.23'
  PREF6='';;

esac

# SITE+NODE network conf
########################

case "$SITE+$NODE" in

'sabity+base'|'sabitylan+base')

  : ${DFLNET4="$PREF.0/26"}
  : ${DFLNBC4="$PREF.255"}

  : ${DFLNET6="$PREF6::/80"}
  : ${DFLNBC6=''}

  case "$LNDV" in
  'wlan0')
    : ${DFLNIP4="$PREF.35"}
    : ${DFLNIP6="$PREF6::23"};;
  *)
    : ${DFLNDV4='eth0'}
    : ${DFLNDV6='eth0'}
    : ${DFLNIP4="$PREF.34"}
    : ${DFLNIP6="$PREF6::22"};;
  esac

  case "$SITE" in
  'sabity')
    case "$EXDV" in
    'wlan0')
      : ${DFEXIP4="$PREF.35"};;
    *)
      : ${DFEXDV4='eth0'}
      : ${DFEXDV6='sixxs'}
      : ${DFEXIP4="$PREF.34"}
      : ${DFEXIP6="2001:06f8:0202:0184::2"}
    esac;;
  esac
  ;;

'sabity+tree'|'sabitylan+tree')

  : ${DFLNET4="$PREF.0/26"}
  : ${DFLNBC4="$PREF.255"}

  : ${DFLNET6="$PREF6::/80"}
  : ${DFLNBC6=''}

  case "$LNDV" in
  'wlan0')
    : ${DFLNIP4="$PREF.41"}
    : ${DFLNIP6="$PREF6::29"};;
  *)
    : ${DFLNDV4='eth0'}
    : ${DFLNDV6='eth0'}
    : ${DFLNIP4="$PREF.40"}
    : ${DFLNIP6="$PREF6::28"};;
  esac

  case "$SITE" in
  'sabity')
    case "$EXDV" in
    'wlan0')
      : ${DFEXIP4="$PREF.41"};;
    *)
      : ${DFEXDV4='eth0'}
      : ${DFEXDV6='sixxs'}
      : ${DFEXIP4="$PREF.40"}
      : ${DFEXIP6="2a01:0348:0006:00ca::2"};;
    esac;;
  esac;;

'sabity+soft')

  : ${DFLNDV4='eth0'}
  : ${DFLNET4="$PREF.0/26"}
  : ${DFLNIP4="$PREF.38"}
  : ${DFLNBC4="$PREF.255"}

  : ${DFLNDV6='eth0'}
  : ${DFLNET6="$PREF6::/80"}
  : ${DFLNIP6="$PREF6::26"}
  : ${DFLNBC6=''}

  : ${DFEXDV4='eth0'}
  : ${DFEXIP4="$PREF.38"}

  : ${DFEXDV6='eth0'}
  : ${DFEXIP6="$PREF6::26"}
  ;;

'fonera+soft')

  : ${DFLNDV4='eth0'}
  : ${DFLNET4="$PREF.0/26"}
  : ${DFLNIP4="$PREF.38"}
  : ${DFLNBC4="$PREF.255"}

  : ${DFEXDV4='eth0'}
  : ${DFEXIP4="$PREF.38"}
  ;;

'sabity+leaf')

  : ${DFLNDV4='eth0'}
  : ${DFLNET4="$PREF.0/26"}
  : ${DFLNIP4="$PREF.36"}
  : ${DFLNBC4="$PREF.255"}

  : ${DFLNDV6='eth0'}
  : ${DFLNET6="$PREF6::/80"}
  : ${DFLNIP6="$PREF6::24"}
  : ${DFLNBC6=''}

  : ${DFEXDV4='eth0'}
  : ${DFEXIP4="$PREF.36"}

  : ${DFEXDV6='eth0'}
  : ${DFEXIP6="$PREF6::24"}
  ;;

'rimu+sabico')

  : ${DFLNDV4=''}
  : ${DFLNET4=''}
  : ${DFLNIP4=''}
  : ${DFLNBC4=''}

  : ${DFLNDV6=''}
  : ${DFLNET6=''}
  : ${DFLNIP6=''}
  : ${DFLNBC6=''}

  : ${DFEXDV4='eth0'}
  : ${DFEXIP4="$PREF.241"}

  : ${DFEXDV6='sixto'}
  : ${DFEXIP6="$PREF6::0"}

  : ${IP4_PROTO='41'}
  : ${IP6_PROTO=''}
  ;;

'three'+*)
  : ${DFEXDV4='ppp0'}
  : ${DFEXIP4='@'}
  : ${DFEXDV6='sixxs'}
  : ${DFEXIP6="2001:06f8:0202:0184::2"};;

'IPPP+tree'|'DURSG+tree')

  : ${DFLNDV4='eth0'}
  : ${DFLNET4="$PREF.0/24"}
  : ${DFLNBC4="$PREF.255"}

  : ${DFEXDV4='eth0'}
  ;;

'DLS-VIS+tree')

  : ${DFEXDV4='eth0'}
  ;;

'vas+leaf')

  : ${DFLNDV4='eth0'}
  : ${DFLNET4="$PREF.0/24"}
  : ${DFLNIP4="$PREF.236"}
  : ${DFLNBC4="$PREF.255"}

  : ${DFLNDV6='eth0'}
  : ${DFLNET6="$PREF6::/80"}
  : ${DFLNIP6="$PREF6::23"}
  : ${DFLNBC6=''}

  : ${DFEXDV4='eth0'}
  : ${DFEXIP4="$PREF.236"}

  : ${DFEXDV6='sixxs'}
  : ${DFEXIP6="$PREF6::2"}
  ;;

'specs+leaf')

  : ${DFLNDV4='eth0'}
  : ${DFLNET4='10.4.22.0/23'}
  : ${DFLNIP4='10.4.22.233'}
  : ${DFLNBC4='10.4.23.255'}

  : ${DFLNDV6=''}
  : ${DFLNET6=''}
  : ${DFLNIP6=''}
  : ${DFLNBC6=''}

  : ${DFEXDV4='eth0'}
  : ${DFEXIP4='10.4.22.233'}

  : ${DFEXDV6=''}
  : ${DFEXIP6=''}
  ;;

esac

# 'LNDV_LNET?_ONLY' means to ensure that only local network addresses
# are emitted or accepted on the local network interface. This should
# be 'true' for hosts with an external interface and 'false' for those
# without, unless no communication with other networks is desired. But
# note that external interface traffic is checked before this.

# 'LNDV_LNIP?_ONLY' means to ensure that packets outgoing/incoming from
# the local interface have as source/destination address the canonical
# local address.  Ideally yes, but in particular with IPv6 the local
# interface may have many valid addresses.

# 'EXDV_EXIP?_ONLY' means that only packets targeted at the external
# interface, or originating from the external interface, are acceptable
# on the external link. This means that all external traffic should be
# masqueraded. For IPv6 it should always be 'false'.

# 'EXDV_EXIP_DYNAMIC' means that the address of the external interface,
# may change. For IPv6 it should (nearly) always be 'false'.

# 'STATELESS' for not using connection tracking
# 'MASQUERADING' to use NAT+port renumbering.

# 'TRACK_FTP' means to do connection tracking on FTP connections, which
# is usually required for passive FTP.

# 'TRACK_FTP_CANT' means that connection tracking on FTP connections
# does not quite work (usually because of async mode), so we just allow
# all connections.

# Common ports
##############

#   AICCU:	3874T 5072U in+out
#   Teredo and AYIAY-beta: 3544u 3874u 5072u
#   KDC:	88TU in+out, 749TU out (password/admin) 754TU in+out (replic.)
IP6_P_B='3544,3874,5072'
PGP_P_O='11371'
KDC_P_B='88,749'
NFS_P_B='2049'
AFS_P_B='7000,7001,7002,7003,7004,7005,7006,7007'

#   SIP:	5060T in+out, 5082T out (proxy), 3478 (STUN), 7000-7007U (out)
#   IAX2:	4569U in+out, 7078-7081U in+out (convention)
#   RTSP:	564 10000-10009
SIP_P_B='5060,5082,7000,7001,7002,7003,7004,7005,7006'
IAX_P_B='4569,11078,11079,11090,11091'
RTS_P_B='564,10000,10001,10002,10003,10004,10005,10006,10007,10008,10009'

#   aMule:	4662T,4665U,4672U in/out, 4242T,4661T,5306T,5661T out
#   Gnutella:	6346
#   BitTorrent:	6881-6889T in+out
GTL_P_B='6346'
AMU_P_B='4662,4665,4672'
AMU_P_O='4242,4661,5306,5661'
BTO_P_B='6881,6882,6883,6884,6885,6886,6887,6888,6889'

# SITE+NODE specific
####################

case "$SITE+$NODE" in

'sabity+base'|'sabitylan+base')

  LNDV_LNET4_ONLY()	{ true; }
  LNDV_LNIP4_ONLY()	{ true; }
  EXDV_EXIP4_ONLY()	{ true; }
  EXDV_EXIP4_DYNAMIC()	{ false; }

  LNDV_LNET6_ONLY()	{ false; }
  LNDV_LNIP6_ONLY()	{ false; }
  EXDV_EXIP6_ONLY()	{ false; } # always false
  EXDV_EXIP6_DYNAMIC()	{ false; } # always false

  STATELESS()		{ false; }
  MASQUERADING()	{ false; }

  TRACK_FTP()		{ false; }
  TRACK_FTP_CANT()	{ true; }

  ALLOW_GAMES()		{ true; }
  ALLOW_H323()		{ false; }

  TCP_P_MIN_DEL="$TCP_P_MIN_DEL	$SIP_P_B,122      $RTS_P_B,ntp $KDC_P_B"
  UDP_P_MIN_DEL="$UDP_P_MIN_DEL	$SIP_P_B,$IAX_P_B $RTS_P_B,ntp $KDC_P_B"

  TCP_P_MAX_THR="$TCP_P_MAX_THR $AMU_P_B,$AMU_P_O,$GTL_P_B $BTO_P_B,522,5000,5001"
  UDP_P_MAX_THR="$UDP_P_MAX_THR	$AMU_P_B,$AMU_P_O,$GTL_P_B $BTO_P_B $AFS_P_B"

  TCP_P_BL="$TCP_P_BL	domain,ntp,snmp,ipp,122,522"
  UDP_P_BL="$UDP_P_BL	domain,ntp,snmp,tftp,syslog"
  TCP_P_BL="$TCP_P_BL	5000,5001,ftp,ftp-data,ftps,ftps-data,http,https,nntp,nntps"
  UDP_P_BL="$UDP_P_BL	5000,5001"
  TCP_P_BL="$TCP_P_BL	sunrpc,$NFS_P_B,$SMB_P"
  UDP_P_BL="$UDP_P_BL	sunrpc,$NFS_P_B,$SMB_P"

  TCP_P_OX="$TCP_P_OX	domain,ntp,snmp,ftp,ftp-data,ftps,ftps-data,http,https,nntp,nntps"
  UDP_P_OX="$UDP_P_OX	domain,ntp,snmp"

  TCP_P_BX="$TCP_P_BX	sunrpc,$NFS_P_B,$SMB_P $KDC_P_B,auth,122,522"
  UDP_P_BX="$UDP_P_BX	sunrpc,$NFS_P_B,$SMB_P $KDC_P_B,$IP6_P_B,$AFS_P_B"
  TCP_P_BX="$TCP_P_BX	$SIP_P_B,$GTL_P_B $RTS_P_B"
  UDP_P_BX="$UDP_P_BX	$SIP_P_B,$IAX_P_B $RTS_P_B"
  TCP_P_BX="$TCP_P_BX	$AMU_P_B $BTO_P_B"
  UDP_P_BX="$UDP_P_BX	$AMU_P_B $BTO_P_B"
  ;;

'sabity+tree'|'sabity+leaf')

  LNDV_LNET4_ONLY()	{ true; }  # Dst addr filtering
  LNDV_LNIP4_ONLY()	{ true; }  # Src addr filtering
  EXDV_EXIP4_ONLY()	{ true; }  # Src addr filtering/NAT
  EXDV_EXIP4_DYNAMIC()	{ false; }

  LNDV_LNET6_ONLY()	{ false; } # Dst addr filtering
  LNDV_LNIP6_ONLY()	{ true; }  # Src addr filtering
  EXDV_EXIP6_ONLY()	{ false; } # Src addr filtering/NAT
  EXDV_EXIP6_DYNAMIC()	{ false; }

  STATELESS()		{ false; }
  MASQUERADING()	{ false; }

  TRACK_FTP()		{ false; }
  TRACK_FTP_CANT()	{ true; }

  ALLOW_GAMES()		{ true; }
  ALLOW_H323()		{ false; }

  TCP_P_MIN_DEL="$TCP_P_MIN_DEL	$SIP_P_B,122"
  UDP_P_MIN_DEL="$UDP_P_MIN_DEL	$SIP_P_B,$IAX_P_B $RTS_P_B"

  TCP_P_MAX_THR="$TCP_P_MAX_THR $AMU_P_B,$AMU_P_O $BTO_P_B,522,5000,5001"
  UDP_P_MAX_THR="$UDP_P_MAX_THR	$AMU_P_B,$AMU_P_O $BTO_P_B $AFS_P_B"

  TCP_P_BL="$TCP_P_BL	domain,ntp,snmp,ipp,122,522"
  UDP_P_BL="$UDP_P_BL	domain,ntp,snmp,tftp,syslog"
  TCP_P_BL="$TCP_P_BL	5000,5001,ftp,ftp-data,ftps,ftps-data,http,https,nntp,nntps"
  UDP_P_BL="$UDP_P_BL	5000,5001"
  TCP_P_BL="$TCP_P_BL	sunrpc,$NFS_P_B,$SMB_P"
  UDP_P_BL="$UDP_P_BL	sunrpc,$NFS_P_B,$SMB_P"

  TCP_P_OX="$TCP_P_OX	domain,ntp,snmp,ftp,ftp-data,ftps-data,http,https,nntp,nntps" 
  UDP_P_OX="$UDP_P_OX	domain,ntp,snmp"
  TCP_P_OX="$TCP_P_OX	sunrpc,$NFS_P_B,$SMB_P,$PGP_P_O"
  UDP_P_OX="$UDP_P_OX	sunrpc,$NFS_P_B,$SMB_P"

  TCP_P_BX="$TCP_P_BX	$SIP_P_B,$GTL_P_B $RTS_P_B $KDC_P_B,auth,122,522"
  UDP_P_BX="$UDP_P_BX	$SIP_P_B,$IAX_P_B $RTS_P_B $KDC_P_B,$AFS_P_B,$IP6_P_B"
  TCP_P_BX="$TCP_P_BX	$AMU_P_B $BTO_P_B"
  UDP_P_BX="$UDP_P_BX	$AMU_P_B $BTO_P_B"
  ;;

'laptop+tree'|'three+tree'|'laptop+leaf'|'three+leaf')

  LNDV_LNET4_ONLY()	{ true; }
  LNDV_LNIP4_ONLY()	{ true; }
  EXDV_EXIP4_ONLY()	{ true; }
  EXDV_EXIP4_DYNAMIC()	{ true; }

  LNDV_LNET6_ONLY()	{ true; }
  LNDV_LNIP6_ONLY()	{ true; }
  EXDV_EXIP6_ONLY()	{ false; } # always false
  EXDV_EXIP6_DYNAMIC()	{ false; } # always false

  STATELESS()		{ false; }
  MASQUERADING()	{ true; }

  TRACK_FTP()		{ false; }
  TRACK_FTP_CANT()	{ true; }

  ALLOW_GAMES()		{ false; }
  ALLOW_H323()		{ false; }

  TCP_P_MIN_DEL="$TCP_P_MIN_DEL	$SIP_P_B,$GTL_P_B $RTS_P_B,$KDC_P_B,122"
  UDP_P_MIN_DEL="$UDP_P_MIN_DEL	$SIP_P_B,$IAX_P_B $RTS_P_B,$KDC_P_B"

  TCP_P_MAX_THR="$TCP_P_MAX_THR $AMU_P_B,$AMU_P_O,$GTL_P_B $BTO_P_B,522,5000,5001"
  UDP_P_MAX_THR="$UDP_P_MAX_THR	$AMU_P_B,$AMU_P_O,$GTL_P_B $BTO_P_B"

  TCP_P_OX="$TCP_P_OX	domain,ntp,snmp,ftp,ftp-data,ftps-data,http,https,nntp,nntps" 
  UDP_P_OX="$UDP_P_OX	domain,ntp,snmp"
  TCP_P_OX="$TCP_P_OX	sunrpc,$NFS_P_B,$SMB_P,$KDC_P_B,$PGP_P_O"
  UDP_P_OX="$UDP_P_OX	sunrpc,$NFS_P_B,$SMB_P,$KDC_P_B,$AFS_P_B"

  TCP_P_BX="$TCP_P_BX	$SIP_P_B,$GTL_P_B $RTS_P_B auth,122,522"
  UDP_P_BX="$UDP_P_BX	$SIP_P_B,$IAX_P_B $RTS_P_B $IP6_P_B"
  TCP_P_BX="$TCP_P_BX	$AMU_P_B $BTO_P_B"
  UDP_P_BX="$UDP_P_BX	$AMU_P_B $BTO_P_B"
  ;;

'sabity+soft'|'fonera+soft')

  LNDV_LNET4_ONLY()	{ true; }
  LNDV_LNIP4_ONLY()	{ true; }
  EXDV_EXIP4_ONLY()	{ true; }
  EXDV_EXIP4_DYNAMIC()	{ false; }

  LNDV_LNET6_ONLY()	{ true; }
  LNDV_LNIP6_ONLY()	{ true; }
  EXDV_EXIP6_ONLY()	{ false; } # always false
  EXDV_EXIP6_DYNAMIC()	{ false; } # always false

  STATELESS()		{ false; }
  MASQUERADING()	{ false; }

  TRACK_FTP()		{ false; }
  TRACK_FTP_CANT()	{ true; }

  ALLOW_GAMES()		{ true; }
  ALLOW_H323()		{ false; }

  TCP_P_MIN_DEL="$TCP_P_MIN_DEL	$SIP_P_B,122      $RTS_P_B,ntp $KDC_P_B"
  UDP_P_MIN_DEL="$UDP_P_MIN_DEL	$SIP_P_B,$IAX_P_B $RTS_P_B,ntp $KDC_P_B"

  TCP_P_MAX_THR="$TCP_P_MAX_THR $AMU_P_B,$AMU_P_O,$GTL_P_B $BTO_P_B,522,5000,5001"
  UDP_P_MAX_THR="$UDP_P_MAX_THR	$AMU_P_B,$AMU_P_O,$GTL_P_B $BTO_P_B $AFS_P_B"

  TCP_P_BL="$TCP_P_BL	5000,5001,ntp,snmp,122,522"
  UDP_P_BL="$UDP_P_BL	5000,5001,ntp,snmp"
  TCP_P_BL="$TCP_P_BL	sunrpc,$NFS_P_B,$SMB_P"
  UDP_P_BL="$UDP_P_BL	sunrpc,$NFS_P_B,$SMB_P"

  TCP_P_OL="$TCP_P_BL	domain,ipp,printer"
  UDP_P_OL="$UDP_P_BL	domain,tftp,syslog"

  TCP_P_OX="$TCP_P_OX	domain,ntp,snmp,ftp,ftp-data,ftps,ftps-data,http,https,nntp,nntps"
  UDP_P_OX="$UDP_P_OX	domain,ntp,snmp"
  TCP_P_OX="$TCP_P_OX	sunrpc,$NFS_P_B,$SMB_P,$KDC_P_B,$PGP_P_O"
  UDP_P_OX="$UDP_P_OX	sunrpc,$NFS_P_B,$SMB_P,$KDC_P_B"

  TCP_P_BX="$TCP_P_BX	$RTS_P_B auth,122,522"
  UDP_P_BX="$UDP_P_BX	$SIP_P_B,$IAX_P_B $RTS_P_B $IP6_P_B,$AFS_P_B"
  TCP_P_BX="$TCP_P_BX	$AMU_P_B $BTO_P_B"
  UDP_P_BX="$UDP_P_BX	$AMU_P_B $BTO_P_B"
  ;;

'rimu+sabico')

  LNDV_LNET4_ONLY()	{ true; }
  LNDV_LNIP4_ONLY()	{ true; }
  EXDV_EXIP4_ONLY()	{ false; }
  EXDV_EXIP4_DYNAMIC()	{ false; }

  LNDV_LNET6_ONLY()	{ true; }
  LNDV_LNIP6_ONLY()	{ true; }
  EXDV_EXIP6_ONLY()	{ false; } # always false
  EXDV_EXIP6_DYNAMIC()	{ false; } # always false

  STATELESS()		{ false; }
  MASQUERADING()	{ false; }

  TRACK_FTP()		{ false; }
  TRACK_FTP_CANT()	{ true; }

  ALLOW_GAMES()		{ false; }
  ALLOW_H323()		{ false; }

  TCP_P_MIN_DEL="$TCP_P_MIN_DEL	$SIP_P_B          $RTS_P_B $KDC_P_B,122"
  UDP_P_MIN_DEL="$UDP_P_MIN_DEL	$SIP_P_B,$IAX_P_B $RTS_P_B $KDC_P_B"

  TCP_P_MAX_THR="$TCP_P_MAX_THR $AMU_P_B,$AMU_P_O,$GTL_P_B $BTO_P_B,522,5000,5001"
  UDP_P_MAX_THR="$UDP_P_MAX_THR	$AMU_P_B,$AMU_P_O,$GTL_P_B $BTO_P_B"

  TCP_P_OX="$TCP_P_OX	ntp,snmp"
  UDP_P_OX="$UDP_P_OX	ntp,snmp,syslog"
  TCP_P_OX="$TCP_P_OX	sunrpc,$NFS_P_B,$SMB_P,$KDC_P_B,$PGP_P_O"
  UDP_P_OX="$UDP_P_OX	sunrpc,$NFS_P_B,$SMB_P,$KDC_P_B"

  TCP_P_BX="$TCP_P_BX	domain,5000,5001,auth,ftp,ftps,ftp-data,ftps-data,http,https,nntp,nntps,122,522"
  UDP_P_BX="$UDP_P_BX	domain,5000,5001"
  if false
  then
    TCP_P_BX="$TCP_P_BX	sunrpc,$NFS_P_B,$SMB_P"
    UDP_P_BX="$UDP_P_BX	sunrpc,$NFS_P_B,$SMB_P"
  fi
  ;;

'IPPP+tree'|'DLS-VIS+tree')

  LNDV_LNET4_ONLY()	{ true; }
  LNDV_LNIP4_ONLY()	{ true; }
  EXDV_EXIP4_ONLY()	{ true; }
  EXDV_EXIP4_DYNAMIC()	{ true; }

  LNDV_LNET6_ONLY()	{ true; }
  LNDV_LNIP6_ONLY()	{ true; }
  EXDV_EXIP6_ONLY()	{ false; } # always false
  EXDV_EXIP6_DYNAMIC()	{ false; } # always false

  STATELESS()		{ false; }
  MASQUERADING()	{ false; }

  TRACK_FTP()		{ false; }
  TRACK_FTP_CANT()	{ true; }

  ALLOW_GAMES()		{ false; }
  ALLOW_H323()		{ false; }

  TCP_P_BX="$TCP_P_BX	auth,domain,ftp-data,ftps-data,http,https,nntp,nntps,122,522,5000,5001"

  if true
  then
    TCP_P_BX="$TCP_P_BX sunrpc,$NFS_P_B,$SMB_P,$PGP_P_O"
    UDP_P_BX="$UDP_P_BX sunrpc,$NFS_P_B,$SMB_P,$PGP_P_O"
  elif true
  then
    TCP_P_OX="$TCP_P_OX sunrpc,$NFS_P_B,$SMB_P"
    UDP_P_OX="$UDP_P_OX sunrpc,$NFS_P_B,$SMB_P"
  fi

  TCP_P_BL="$TCP_P_BL	ntp,514,ipp,snmp"
  UDP_P_BL="$UDP_P_BL	ntp,514,ipp,snmp,tftp"
  ;;

'vas+leaf')

  LNDV_LNET4_ONLY()	{ true; }
  LNDV_LNIP4_ONLY()	{ true; }
  EXDV_EXIP4_ONLY()	{ false; }
  EXDV_EXIP4_DYNAMIC()	{ false; }

  LNDV_LNET6_ONLY()	{ true; }
  LNDV_LNIP6_ONLY()	{ true; }
  EXDV_EXIP6_ONLY()	{ false; } # always false
  EXDV_EXIP6_DYNAMIC()	{ false; } # always false

  STATELESS()		{ false; }
  MASQUERADING()	{ false; }

  TRACK_FTP()		{ false; }
  TRACK_FTP_CANT()	{ true; }

  ALLOW_GAMES()		{ false; }
  ALLOW_H323()		{ false; }

  if true
  then
    TCP_P_BX="$TCP_P_BX   auth,domain,$BTO_P_B,122,522"
    UDP_P_BX="$UDP_P_BX   domain,$BTO_P_B,iax2"
  fi

  if false
  then
    TCP_P_BX_L="$TCP_P_BX_L $SMB_P"
    UDP_P_BX_L="$UDP_P_BX_L $SMB_P"
  fi
  if true
  then
    TCP_P_OX_L="$TCP_P_OX_L $SMB_P"
    UDP_P_OX_L="$UDP_P_OX_L $SMB_P"
  fi
  ;;

'specs+leaf')

  LNDV_LNET4_ONLY()	{ true; }
  LNDV_LNIP4_ONLY()	{ true; }
  EXDV_EXIP4_ONLY()	{ true; }
  EXDV_EXIP4_DYNAMIC()	{ false; }

  LNDV_LNET4_ONLY()	{ true; }
  LNDV_LNIP6_ONLY()	{ true; }
  EXDV_EXIP6_ONLY()	{ false; } # always false
  EXDV_EXIP6_DYNAMIC()	{ false; } # always false

  STATELESS()		{ false; }
  MASQUERADING()	{ false; }

  TRACK_FTP()		{ false; }
  TRACK_FTP_CANT()	{ true; }

  ALLOW_GAMES()		{ false; }
  ALLOW_H323()		{ false; }

  if true
  then
    TCP_P_BX="$TCP_P_BX   auth,domain,$BTO_P_B,122,522"
    UDP_P_BX="$UDP_P_BX   domain,$BTO_P_B,iax2"
  fi

  if false
  then
    TCP_P_BX_L="$TCP_P_BX_L $SMB_P"
    UDP_P_BX_L="$UDP_P_BX_L $SMB_P"
  fi
  if true
  then
    TCP_P_OX_L="$TCP_P_OX_L $SMB_P"
    UDP_P_OX_L="$UDP_P_OX_L $SMB_P"
  fi
  ;;

esac
