############################################################
# The Dotfile Generator version 2.3b1
# ipfwadm module version 0.25b
############################################################

############################################################
# __changeFunc
############################################################
set __changeFunc(masq) "
	  if \{\$masquerade\} \{
	    Enable head2
	    Enable defaultpolicy
	    Enable masqservices
	    Enable masq_cuseeme
	    Enable masq_ftp
	    Enable masq_irc
	    Enable masq_quake
	    Enable masq_raudio
	    Enable masq_vdolive
	    Enable head3
            Enable masqlist
	    forevery masqlist \{
	      if \{\$defaultpolicy(index) == 0\} \{
	        Disable hostallow
	      \} else \{
	        Enable hostallow
	      \}
	    \}
	  \} else \{
	    Disable head2
	    Disable defaultpolicy
	    Disable masq_cuseeme
	    Disable masq_ftp
	    Disable masq_irc
	    Disable masq_quake
	    Disable masq_raudio
	    Disable masq_vdolive
	    Disable masqservices
	    Disable head3
	    Disable masqlist
	  \}
    
"
set __changeFunc(allowptp) "
      global FirewallInKernel
      global MasqInKernel
      if \{\$FirewallInKernel == 0\} \{
	set label1 \"is not\"
	Disable allowedhosts
      \} else \{
	set label1 \"is\"
	Enable allowedhosts
        \# If internet or boundary firewall and if not directly on internet
        \# then allow ptp masquerade without killing regular forwarding.
        \# This lets you allow users on the corporate network to poll their ISP's POP server, for example
        if \{\$MasqInKernel != 0 && \$\{isp@on_internet\} != 0 && \$\{isp@internal_firewall\} != 0\} \{
          forevery allowedhosts \{
	    if \{\$direction(index) == 0\} \{	\# inbound (specified host is SOURCE)
              \# only for outbound traffic
              set masquerade 0
              Disable masquerade
            \} else \{
              Enable masquerade
            \}
          \}
        \} else \{
          forevery allowedhosts \{
            set masquerade 0
            Disable masquerade
          \}
        \}
      \}
    
"
set __changeFunc(allowlocalhosts) ""
set __changeFunc(isp) "
      if \{\$on_internet\} \{
        Enable connection_type
        Enable internal_firewall
        if \{(\$connection_type(index) > 3 && \$connection_type(index) < 6) ||
            (\$connection_type(index) > 8 && \$connection_type(index) < 13)\} \{
          Enable ISPIP
        \} else \{
      	  Disable ISPIP
	  set ISPIP \"\"
        \}
        if \{\$internal_firewall\} \{
          Enable allow_10_net
          Enable allow_172_net
          Enable allow_192_net
        \} else \{
          Disable allow_10_net
          Disable allow_172_net
          Disable allow_192_net
        \}
      \} else \{
        Disable connection_type
        Disable ISPIP
        Disable internal_firewall
        Disable allow_10_net
        Disable allow_172_net
        Disable allow_192_net
      \}
    
"
set __changeFunc(denyptp) ""
set __changeFunc(denyservicesglobal) ""
set __changeFunc(general) "
      if \{\$defaultpolicy(index) == 1\} \{
	Enable blockinettcp
	Enable blockinetudp
	Enable outboundtraceroute
	Enable inboundtraceroute
      \} else \{
	Disable blockinettcp
	Disable blockinetudp
	Disable outboundtraceroute
	Disable inboundtraceroute
      \}
      if \{\$\{isp@on_internet\}\} \{
        if \{\$blockXall\} \{
          set blockXftp 0
          Disable blockXftp
        \} else \{
          Enable blockXftp
        \}
      \}
    
"
set __changeFunc(allowhosts) ""
set __changeFunc(denyhosts) "
      if \{\$UseHTTPBlockList\} \{
        Enable HTTPBlockListFile
      \} else \{
        Disable HTTPBlockListFile
      \}
      if \{\$UseSMTPBlockList\} \{
        Enable SMTPBlockListFile
      \} else \{
        Disable SMTPBlockListFile
      \}
    
"
set __changeFunc(denylocalhosts) ""
set __changeFunc(allowservicesglobal) "
      global FirewallInKernel
      if \{\$FirewallInKernel == 0\} \{
	set label1 \"is not\"
	Disable allowoutboundtcpallports
	Disable allowoutboundtcpwellknownports
	Disable allowedservices
      \} else \{
	set label1 \"is\"
	Enable allowedservices
	Enable allowoutboundtcpallports
	if \{\$allowoutboundtcpallports\} \{
	  Disable allowoutboundtcpwellknownports
        \} else \{
	  Enable allowoutboundtcpwellknownports
        \}
      \}
    
"
set __changeFunc(defaultinetpolicy) ""
############################################################
# __ok
############################################################
set __ok(masq) "
	if \{\$masquerade == 0 || \$\{isp@on_internet\} == 0\} \{
	  print \"\# Not masquerading\"
	\} else \{
    	  global IPFWADM
	  if \{\$IPFWADM == \"\"\} \{
	    \# nothing
	  \} else \{
	    global MODPROBE
	    if \{\$MODPROBE != \"\" && (
                  \$masq_cuseeme == 1 ||
	          \$masq_ftp == 1 ||
	          \$masq_irc == 1 ||
	          \$masq_quake == 1 ||
	          \$masq_raudio == 1 ||
	          \$masq_vdolive == 1) \} \{
              print \"\# Load the masquerade support modules for certain services\"
	      if \{\$masq_cuseeme\} \{
                print \$MODPROBE \"ip_masq_cuseeme\"
              \}
	      if \{\$masq_ftp\} \{
                print \$MODPROBE \"ip_masq_ftp\"
              \}
	      if \{\$masq_irc\} \{
                print \$MODPROBE \"ip_masq_irc\"
              \}
	      if \{\$masq_quake\} \{
                print \$MODPROBE \"ip_masq_quake\"
              \}
	      if \{\$masq_raudio\} \{
                print \$MODPROBE \"ip_masq_raudio\"
              \}
	      if \{\$masq_vdolive\} \{
                print \$MODPROBE \"ip_masq_vdolive\"
              \}
	      print
	    \}
	    global LocalNetIP
	    global LocalNetMask
	    global ISPPort
	    global DialdPort
	    global UseIPUP
	    print \"\# Allow forwarding of local network traffic\"
	    print \$IPFWADM \"-F -a accept \\\$LETH -S \\\$LNET -D \\\$LNET\"
	    print \"\# Block forwarding certain traffic that shouldn't go out anyway\"
	    print \"\# reject rather than deny, to aid troubleshooting\"
	    print \$IPFWADM \"-F -a reject \\\$INET -S \\\$LNET -D \\\$LNET\"
	    print \$IPFWADM \"-F -a reject \\\$INET -S \\\$LNET -D 10.0.0.0/8\"
	    print \$IPFWADM \"-F -a reject \\\$INET -S \\\$LNET -D 172.16.0.0/12\"
	    print \$IPFWADM \"-F -a reject \\\$INET -S \\\$LNET -D 192.168.0.0/16\"
	    print
	    if \{\$DialdPort != \"\"\} \{
	      print \"\# Including sl0 is necessary because diald changes the default route from sl0\"
	      print \"\# to pppX as it brings up the link. If sl0 were omitted then the masqueraded\"
	      print \"\# systems would not be able to bring up the link, and would only have their\"
	      print \"\# packets forwarded if the link was already up.\"
	    \}

	    forevery masqlist \{
	      print
	      print \"\# Masquerade \$masqsystem\"

	      if \{\$defaultpolicy(index) == 0\} \{
	        print \"\# Default masquerade policy is allow - block the listed services for \$masqsystem\"
	        set policy \"-a reject\"
	      \} else \{
	        if \{\$hostallow\} \{
	          print \"\# Default masquerade policy for \$masqsystem is allow - block the listed services\"
	          set policy \"-a reject\"
		\} else \{
	          print \"\# Default masquerade policy is block - masquerade the listed services for \$masqsystem\"
	          set policy \"-a accept -m\"
		\}
	      \}

	      forevery servicesbyhost \{
                \# The following regexp contains an escaped tab,
                \# because TCL regexp doesn't recognize octal constants!
	        if \{\[regexp \{^(\[A-Za-z0-9_\\-\]+)\[ \\	\]+(\[0-9\]+)/(tcp|udp)\} \$servicebyhost junk serv port prot\]\} \{
	          \# retrieved from /etc/services
		  print
		  print \$IPFWADM \"-F \$policy \\\$INET -P \$prot -S \$masqsystem/32 -D \\\$ANY \$serv\"
	          if \{\$DialdPort != \"\"\} \{
                    print \$IPFWADM \"-F \$policy \$DialdPort -P \$prot -S \$masqsystem/32 -D \\\$ANY \$serv\"
		  \}
                \} else \{
	          if \{\[regexp \{(\[0-9:\]+)/(tcp|udp)\} \$servicebyhost junk port prot\]\} \{
	            \# typed in by user
                    print \$IPFWADM \"-F \$policy \\\$INET -P \$prot -S \$masqsystem/32 -D \\\$ANY \$port\"
	            if \{\$DialdPort != \"\"\} \{
                      print \$IPFWADM \"-F \$policy \$DialdPort -P \$prot -S \$masqsystem/32 -D \\\$ANY \$port\"
		    \}
                  \} else \{
		    if \{\$servicebyhost != \"\"\} \{
	              print \"\# Syntax error: service \\\"\$servicebyhost\\\" unparseable.\"
		    \}
	          \}
	        \}
	      \}

	      if \{\$defaultpolicy(index) == 1 && \$hostallow\} \{
	        print \"\# Default masquerade policy for \$masqsystem is allow\"
	        print \$IPFWADM \"-F -a accept -m \\\$INET -S \$masqsystem/32 -D \\\$ANY\"
	        if \{\$DialdPort != \"\"\} \{
	          print \$IPFWADM \"-F -a accept -m \$DialdPort -S \$masqsystem/32 -D \\\$ANY\"
	        \}
	      \}
	    \}

	    print
	    print \"\# Global masquerade rules\"
	    if \{\$defaultpolicy(index) == 0\} \{
	      print \"\# Default masquerade policy is allow - block the listed services for all computers\"
	      set policy \"-a reject\"
	    \} else \{
	      print \"\# Default masquerade policy is block - masquerade the listed services for all computers\"
	      set policy \"-a accept -m\"
	    \}

	    forevery masqservices \{
              \# The following regexp contains an escaped tab,
              \# because TCL regexp doesn't recognize octal constants!
	      if \{\[regexp \{^(\[A-Za-z0-9_\\-\]+)\[ \\	\]+(\[0-9\]+)/(tcp|udp)\} \$masqservice junk serv port prot\]\} \{
	        \# retrieved from /etc/services
                print \$IPFWADM \"-F \$policy \\\$INET -P \$prot -S \\\$LNET -D \\\$ANY \$serv\"
	        if \{\$DialdPort != \"\"\} \{
                  print \$IPFWADM \"-F \$policy \$DialdPort -P \$prot -S \\\$LNET -D \\\$ANY \$serv\"
		\}
              \} else \{
	        if \{\[regexp \{(\[0-9:\]+)/(tcp|udp)\} \$masqservice junk port prot\]\} \{
	          \# typed in by user
                  print \$IPFWADM \"-F \$policy \\\$INET -P \$prot -S \\\$LNET -D \\\$ANY \$port\"
	          if \{\$DialdPort != \"\"\} \{
                    print \$IPFWADM \"-F \$policy \$DialdPort -P \$prot -S \\\$LNET -D \\\$ANY \$port\"
		  \}
                \} else \{
		  if \{\$masqservice != \"\"\} \{
	            print \"\# Syntax error: service \\\"\$masqservice\\\" unparseable.\"
		  \}
	        \}
	      \}
	    \}

	    print
	    print \"\# Global masquerade policy\"
	    if \{\$defaultpolicy(index) == 0\} \{
	      print \"\# Default masquerade policy is allow\"
	      print \$IPFWADM \"-F -a accept -m \\\$INET -S \\\$LNET -D \\\$ANY\"
	      if \{\$DialdPort != \"\"\} \{
	        print \$IPFWADM \"-F -a accept -m \$DialdPort -S \\\$LNET -D \\\$ANY\"
	      \}
	    \} else \{
	      print \"\# Default masquerade policy is block\"
	      print \$IPFWADM \"-F -a reject \\\$INET -S \\\$LNET -D \\\$ANY\"
	      if \{\$DialdPort != \"\"\} \{
	        print \$IPFWADM \"-F -a reject \$DialdPort -S \\\$LNET -D \\\$ANY\"
	      \}
	    \}

	  \}
        \}
    
"
set __ok(allowptp) "
      global IPFWADM
      global ISPPort
      global PERL
      global ParseIP
      global MatchService
      global InetIPValid
      if \{\$IPFWADM == \"\" || \$ISPPort == \"\" || \$\{isp@on_internet\} == 0\} \{
        \# nothing
      \} else \{

        forevery allowedhosts \{

          \# If host IP is actually a filename, then parse the IP addresses from the file
          set fromfile 0
          if \{\[file exists \$hostIP\]\} \{
            if \{\$PERL != \"\"\} \{
              set fromfile 1
              set host \"\\\$IP_TO_ALLOW\"
              print
              print \"\# process P-t-P permissions from file \$hostIP\"
              print \"if \\\[ -s \$hostIP \]\"
              print \"then\"
              print \"  \$PERL -n -e '\$ParseIP' \$hostIP | \\\\\"
              print \"  while read IP_TO_ALLOW\"
              print \"  do\"
            \} else \{
              print
              print \"\# perl not found - cannot set P-t-P rules from \$hostIP.\"
              print \"\# Install perl, then regenerate the firewall file.\"
	      \# generate do-nothing rules
	      set host \"0.0.0.0/32\"
            \}
          \} else \{
	    \# get the net mask for the host
	    regexp \{(\[0-9\]+): \} \$hostnetmask junk maskbits
            set host \"\$hostIP/\$maskbits\"
	  \}

	  if \{\[regexp \"\$MatchService\" \$allowservice junk serv port prot\]\} \{
	    \# retrieved from /etc/services
	    
	    set ACK \[pick \{\$prot == \"tcp\"\} \" \\\$ConnEstablished\" \"\"\]

	    if \{\$direction(index) == 0\} \{	\# inbound (specified host is SOURCE)
              if \{\$prot == \"icmp\"\} \{
                print \"\# Allow ICMP message \$port (\$serv) traffic from Internet network/host \$host to host \$localhostIP on the local net\"
                print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \$host \$port -D \$localhostIP/32\"
                print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \$host \$port -D \$localhostIP/32\"
              \} else \{
	        print \"\# allow Internet network/host \$hostIP to request \$prot service \$serv (port \$port) from host \$localhostIP on the local net\"
                print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \$host -D \$localhostIP/32\" \$serv
                print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \$host -D \$localhostIP/32\" \$serv
                print \$IPFWADM \"-F -a accept \\\$INET -P \$prot\$ACK -D \$host -S \$localhostIP/32\" \$serv
                print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \$host -S \$localhostIP/32\" \$serv
              \}
	    \} else \{				\# outbound (specified host is DEST)
              if \{\$prot == \"icmp\"\} \{
                if \{\$masquerade == 0\} \{
	          print \"\# Allow host \$localhostIP on the local net to send ICMP message \$port traffic (\$serv) to Internet network/host \$hostIP\"
                  print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \$localhostIP/32 \$port -D \$host\"
                  print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \$localhostIP/32 \$port -D \$host\"
                \} else \{
                  print \"\# Warning: cannot masquerade ICMP traffic (local host \$localhostIP, Internet host/net \$hostIP, message \$port)\"
                \}
              \} else \{
	        print \"\# allow host \$localhostIP on the local net to request \$prot service \$serv (port \$port) from Internet network/host \$hostIP\"
                if \{\$masquerade == 0\} \{
                  print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \$localhostIP/32 -D \$host\" \$serv
                  print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \$localhostIP/32 -D \$host\" \$serv
                  print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot\$ACK -D \$localhostIP/32 -S \$host\" \$serv
                  print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \$localhostIP/32 -S \$host\" \$serv
                \} else \{
                  print \"\# masquerade the traffic so that it appears to come from this system\"
                  if \{\$InetIPValid == 0\} \{
                    print \"\# Warning: Internet interface IP address not known - this may not work reliably.\"
                  \} else \{
                    print \"\# Security Warning: this also allows ANY process on this host to request the \$serv service from Internet network/host \$hostIP\"
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$INET_IP -D \$host\" \$serv
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \\\$INET_IP -S \$host\" \$serv
                  \}
                  print \$IPFWADM \"-F -a accept -m \\\$INET -P \$prot -S \$localhostIP/32 -D \$host\" \$serv
                \}
	      \}
	    \}

	    if \{\$serv == \"ftp\"\} \{
	      \# special handling for ftp-data \"reverse connection\"
	      if \{\$direction(index) == 0\} \{	\# inbound (specified host is SOURCE)
                print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \$localhostIP/32 ftp-data -D \$host 1024:65535 -t 0x00 0x08\"
                print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \$localhostIP/32 ftp-data -D \$host 1024:65535\"
                print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot\$ACK -D \$localhostIP/32 ftp-data -S \$host 1024:65535\"
                print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \$localhostIP/32 ftp-data -S \$host 1024:65535 -t 0x00 0x08\"
	      \} else \{				\# outbound (specified host is DEST)
                if \{\$masquerade == 0\} \{
                  print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \$host ftp-data -D \$localhostIP/32 1024:65535 -t 0x00 0x08\"
                  print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \$host ftp-data -D \$localhostIP/32 1024:65535\"
                  print \$IPFWADM \"-F -a accept \\\$INET -P \$prot\$ACK -D \$host ftp-data -S \$localhostIP/32 1024:65535\"
                  print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \$host ftp-data -S \$localhostIP/32 1024:65535 -t 0x00 0x08\"
                \} else \{
                  if \{\$InetIPValid != 0\} \{
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \$host ftp-data -D \\\$INET_IP 1024:65535 -t 0x00 0x08\"
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \$host ftp-data -S \\\$INET_IP 1024:65535 -t 0x00 0x08\"
                    \# forwarding is taken care of by the FTP masquerade module...
                    global MODPROBE
	            if \{\$MODPROBE != \"\"\} \{
                      print \$MODPROBE \"ip_masq_ftp\"
                    \} else \{
                      print \"\# Warning: couldn't locate modprobe - masqueraded FTP will be unreliable.\"
                    \}
                  \}
                \}
	      \}
	    \}

          \} else \{

	    if \{\[regexp \{(\[0-9:\]+)/(tcp|udp|icmp)\} \$allowservice junk port prot\]\} \{
	      \# typed in by user

	      set ACK \[pick \{\$prot == \"tcp\"\} \" \\\$ConnEstablished\" \"\"\]

	      if \{\$direction(index) == 0\} \{	\# inbound (specified host is SOURCE)
                if \{\$prot == \"icmp\"\} \{
                  print \"\# Allow ICMP message \$port traffic from Internet network/host \$hostIP to host \$localhostIP on the local net\"
                  print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \$host \$port -D \$localhostIP/32\"
                  print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \$host \$port -D \$localhostIP/32\"
                \} else \{
	          print \"\# allow Internet network/host \$hostIP to request \$prot service on port \$port from host \$localhostIP on the local net\"
                  print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \$host -D \$localhostIP/32\" \$port
                  print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \$host -D \$localhostIP/32\" \$port
                  print \$IPFWADM \"-F -a accept \\\$INET -P \$prot\$ACK -D \$host -S \$localhostIP/32\" \$port
                  print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \$host -S \$localhostIP/32\" \$port
	        \}
	      \} else \{				\# outbound (specified host is DEST)
                if \{\$prot == \"icmp\"\} \{
                  if \{\$masquerade == 0\} \{
	            print \"\# Allow host \$localhostIP on the local net to send ICMP message \$port traffic to Internet network/host \$hostIP\"
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \$localhostIP/32 \$port -D \$host\"
                    print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \$localhostIP/32 \$port -D \$host\"
                  \} else \{
                    print \"\# Warning: cannot masquerade ICMP traffic (local host \$localhostIP, Internet host/net \$hostIP, message \$port)\"
                  \}
                \} else \{
	          print \"\# allow host \$localhostIP on the local net to request \$prot service on port \$port from Internet network/host \$hostIP\"
                  if \{\$masquerade == 0\} \{
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \$localhostIP/32 -D \$host\" \$port
                    print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \$localhostIP/32 -D \$host\" \$port
                    print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot\$ACK -D \$localhostIP/32 -S \$host\" \$port
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \$localhostIP/32 -S \$host\" \$port
                  \} else \{
                    print \"\# masquerade the traffic so that it appears to come from this system\"
                    if \{\$InetIPValid == 0\} \{
                      print \"\# Warning: Internet interface IP address not known - this may not work reliably.\"
                    \} else \{
                      print \"\# Security Warning: this also allows ANY process on this host to request this service from Internet network/host \$hostIP\"
                      print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$INET_IP -D \$host\" \$port
                      print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \\\$INET_IP -S \$host\" \$port
                    \}
                    print \$IPFWADM \"-F -a accept -m \\\$INET -P \$prot -S \$localhostIP/32 -D \$host\" \$port
                  \}
	        \}
	      \}

            \} else \{
              print \"\# Syntax error on host \$hostIP: service \\\"\$allowservice\\\" unparseable.\"
            \}
	  \}
      
          if \{\$fromfile != 0\} \{
            print \"  done\"
            print \"fi\"
            print
          \}
        \}
      \}
    
"
set __ok(allowlocalhosts) "
      global IPFWADM
      global ISPPort
      global LocalNetIP
      global MatchService
      if \{\$IPFWADM == \"\" || \$ISPPort == \"\"\} \{
        \# nothing
      \} else \{
	if \{\$\{masq@masquerade\} && \$\{isp@on_internet\}\} \{
	  print \"\# Masquerading is in use. Hosts on the local net will be controlled through\"
	  print \"\# the masquerade options.\"
	\} else \{
	  if \{\$LocalNetIP == \"\"\} \{
	    print \"\# No local network has been detected.\"
	  \} else \{

            forevery allowedhosts \{

	      if \{\[regexp \"\$MatchService\" \$allowservice junk serv port prot\]\} \{
	        \# retrieved from /etc/services

	        set ACK \[pick \{\$prot == \"tcp\"\} \" \\\$ConnEstablished\" \"\"\]

	        if \{\$direction(index) == 0\} \{		\# inbound (specified host is DEST)
                  if \{\$prot == \"icmp\"\} \{
	            print \"\# Allow any Internet host to send ICMP message \$port trafffic (\$serv) to \$hostIP on the local net\"
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \\\$ANY \$port -D \$hostIP/32\"
                    if \{\$\{isp@on_internet\}\} \{
                      print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \\\$ANY \$port -D \$hostIP/32\"
                    \}
                  \} else \{
	            print \"\# allow any Internet host to request \$prot service \$serv (port \$port) from \$hostIP on the local net\"
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \\\$ANY -D \$hostIP/32\" \$serv
                    if \{\$\{isp@on_internet\}\} \{
                      print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \\\$ANY -D \$hostIP/32\" \$serv
                      print \$IPFWADM \"-F -a accept \\\$INET -P \$prot\$ACK -D \\\$ANY -S \$hostIP/32\" \$serv
                    \}
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \\\$ANY -S \$hostIP/32\" \$serv
                  \}
	        \} else \{				\# outbound (specified host is SOURCE)
                  if \{\$prot == \"icmp\"\} \{
	            print \"\# Allow \$hostIP on the local net to send ICMP message \$port traffic (\$serv) to any Internet host\"
                    if \{\$\{isp@on_internet\}\} \{
                      print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \$hostIP/32 \$port -D \\\$ANY\"
                    \}
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \$hostIP/32 \$port -D \\\$ANY\"
                  \} else \{
	            print \"\# allow \$hostIP on the local net to request \$prot service \$serv (port \$port) from any Internet host\"
                    if \{\$\{isp@on_internet\}\} \{
                      print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \$hostIP/32 -D \\\$ANY\" \$serv
                    \}
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \$hostIP/32 -D \\\$ANY\" \$serv
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \$hostIP/32 -S \\\$ANY\" \$serv
                    if \{\$\{isp@on_internet\}\} \{
                      print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot\$ACK -D \$hostIP/32 -S \\\$ANY\" \$serv
                    \}
	          \}
	        \}

	        if \{\$serv == \"ftp\"\} \{
	          \# special handling for ftp-data \"reverse connection\"
	          if \{\$direction(index) == 0\} \{		\# inbound (specified host is DEST)
                    if \{\$\{isp@on_internet\}\} \{
                      print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \$hostIP/32 ftp-data -D \\\$ANY 1024:65535\"
                    \}
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \$hostIP/32 ftp-data -D \\\$ANY 1024:65535 -t 0x00 0x08\"
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \$hostIP/32 ftp-data -S \\\$ANY 1024:65535 -t 0x00 0x08\"
                    if \{\$\{isp@on_internet\}\} \{
                      print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot\$ACK -D \$hostIP/32 ftp-data -S \\\$ANY 1024:65535\"
                    \}
	          \} else \{				\# outbound (specified host is SOURCE)
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \\\$ANY ftp-data -D \$hostIP/32 1024:65535 -t 0x00 0x08\"
                    if \{\$\{isp@on_internet\}\} \{
                      print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \\\$ANY ftp-data -D \$hostIP/32 1024:65535\"
                      print \$IPFWADM \"-F -a accept \\\$INET -P \$prot\$ACK -D \\\$ANY ftp-data -S \$hostIP/32 1024:65535\"
                    \}
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \\\$ANY ftp-data -S \$hostIP/32 1024:65535 -t 0x00 0x08\"
	          \}
	        \}

              \} else \{

	        if \{\[regexp \{(\[0-9:\]+)/(tcp|udp|icmp)\} \$allowservice junk port prot\]\} \{
	          \# typed in by user

	          set ACK \[pick \{\$prot == \"tcp\"\} \" \\\$ConnEstablished\" \"\"\]

	          if \{\$direction(index) == 0\} \{		\# inbound (specified host is DEST)
                    if \{\$prot == \"icmp\"\} \{
	              print \"\# Allow any Internet host to send ICMP message \$port traffic to \$hostIP on the local net\"
                      print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \\\$ANY \$port -D \$hostIP/32\"
                      if \{\$\{isp@on_internet\}\} \{
                        print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \\\$ANY \$port -D \$hostIP/32\"
                      \}
                    \} else \{
	              print \"\# allow any Internet host to request \$prot service on port \$port from \$hostIP on the local net\"
                      print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \\\$ANY -D \$hostIP/32\" \$port
                      if \{\$\{isp@on_internet\}\} \{
                        print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \\\$ANY -D \$hostIP/32\" \$port
                        print \$IPFWADM \"-F -a accept \\\$INET -P \$prot\$ACK -D \\\$ANY -S \$hostIP/32\" \$port
                      \}
                      print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \\\$ANY -S \$hostIP/32\" \$port
                    \}
	          \} else \{				\# outbound (specified host is SOURCE)
                    if \{\$prot == \"icmp\"\} \{
	              print \"\# Allow \$hostIP on the local net to send ICMP message \$port traffic to any Internet host\"
                      if \{\$\{isp@on_internet\}\} \{
                        print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \$hostIP/32 \$port -D \\\$ANY\"
                      \}
                      print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \$hostIP/32 \$port -D \\\$ANY\"
                    \} else \{
	              print \"\# allow \$hostIP on the local net to request \$prot service on port \$port from any Internet host\"
                      if \{\$\{isp@on_internet\}\} \{
                        print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \$hostIP/32 -D \\\$ANY\" \$port
                      \}
                      print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \$hostIP/32 -D \\\$ANY\" \$port
                      print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \$hostIP/32 -S \\\$ANY\" \$port
                      if \{\$\{isp@on_internet\}\} \{
                        print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot\$ACK -D \$hostIP/32 -S \\\$ANY\" \$port
                      \}
	            \}
	          \}

                \} else \{
                  print \"\# Syntax error on host \$hostIP: service \\\"\$allowservice\\\" unparseable.\"
                \}
	      \}
	    \}
          \}
        \}
      \}
    
"
set __ok(isp) "
      global IPFWADM
      global InetIPValid
      global LocalNetIP
      if \{\$IPFWADM == \"\" || \$ISPPort == \"\"\} \{
        \# nothing
      \} else \{
        print
        print \"\# Prevent loopback attacks\"
        print \$IPFWADM \"-I -a deny -o \\\$INET -S 127.0.0.0/8\"
        print \$IPFWADM \"-I -a deny -o \\\$INET -D 127.0.0.0/8\"
        print \$IPFWADM \"-I -a deny \\\$LETH -S 127.0.0.0/8\"
        print \$IPFWADM \"-I -a deny \\\$LETH -D 127.0.0.0/8\"
        print \$IPFWADM \"-O -a deny \\\$INET -S 127.0.0.0/8\"
        print \$IPFWADM \"-O -a deny \\\$INET -D 127.0.0.0/8\"
        print \$IPFWADM \"-O -a deny \\\$LETH -S 127.0.0.0/8\"
        print \$IPFWADM \"-O -a deny \\\$LETH -D 127.0.0.0/8\"
        print
        print \"\# Prevent certain ping attacks\"
        print \$IPFWADM \"-I -a deny -o \\\$INET -P icmp -S \\\$ANY 8 -D 255.255.255.255/32\"
        print
        print \"\# Anti-Spoofing\"
        print \$IPFWADM \"-I -a deny -o \\\$LETH -S \\\$FWALL\"
        if \{\$InetIPValid == 1\} \{
          print \$IPFWADM \"-I -a deny -o \\\$LETH -S \\\$INET_IP\"
          print \$IPFWADM \"-I -a deny -o \\\$INET -S \\\$INET_IP\"
        \}
        if \{\$on_internet\} \{
          \# if lnet is private, the PNA blocks below will take care of things
          \# unless we're an internal firewall
          if \{ ! \[IsAddressPrivate \$LocalNetIP\] || \$internal_firewall != 0 \} \{
            \# lnet is valid IP or we're an internal firewall
            \# block spoofs of our lnet interface address
            print \$IPFWADM \"-I -a deny -o \\\$INET -S \\\$FWALL\"
            if \{\$\{general@antispoof\} && \$internal_firewall == 0\} \{
              \# antispoof our lnet network addresses
              print \$IPFWADM \"-I -a deny -o \\\$INET -S \\\$LNET\"
            \}
          \}

          if \{\$internal_firewall == 0 || \$allow_10_net == 0 || \$allow_172_net == 0 || \$allow_192_net == 0\} \{
            print
            print \"\# per RFC1597 (see http://andrew2.andrew.cmu.edu/rfc/rfc1597.html)\"
            print \"\# the following Private Network addresses must not be routed to the Internet:\"
            print \"\# 10.0.0.0/8\"
            if \{\$internal_firewall == 0 || \$allow_10_net == 0\} \{
              print \$IPFWADM \"-O -a reject \\\$INET -S 10.0.0.0/8\"
              print \$IPFWADM \"-O -a reject \\\$INET -D 10.0.0.0/8\"
              print \$IPFWADM \"-I -a deny -o \\\$INET -S 10.0.0.0/8\"
              print \$IPFWADM \"-I -a deny -o \\\$INET -D 10.0.0.0/8\"
            \} else \{
              print \"\# Internal firewall, permitting traffic to/from 10.0.0.0/8\"
            \}
            print \"\# 172.16.0.0/12\"
            if \{\$internal_firewall == 0 || \$allow_172_net == 0\} \{
              print \$IPFWADM \"-O -a reject \\\$INET -S 172.16.0.0/12\"
              print \$IPFWADM \"-O -a reject \\\$INET -D 172.16.0.0/12\"
              print \$IPFWADM \"-I -a deny -o \\\$INET -S 172.16.0.0/12\"
              print \$IPFWADM \"-I -a deny -o \\\$INET -D 172.16.0.0/12\"
            \} else \{
              print \"\# Internal firewall, permitting traffic to/from 172.16.0.0/12\"
            \}
            print \"\# 192.168.0.0/16\"
            if \{\$internal_firewall == 0 || \$allow_192_net == 0\} \{
              print \$IPFWADM \"-O -a reject \\\$INET -S 192.168.0.0/16\"
              print \$IPFWADM \"-O -a reject \\\$INET -D 192.168.0.0/16\"
              print \$IPFWADM \"-I -a deny -o \\\$INET -S 192.168.0.0/16\"
              print \$IPFWADM \"-I -a deny -o \\\$INET -D 192.168.0.0/16\"
            \} else \{
              print \"\# Internal firewall, permitting traffic to/from 192.168.0.0/16\"
            \}
          \}

	  if \{ \$LocalNetIP != \"\" \} \{
            if \{ ! \[IsAddressPrivate \$LocalNetIP\] \} \{
              print \"\\n\# Prevent all Internet hosts from pinging the local network broadcast address\"
              print \$IPFWADM \"-I -a deny -o \\\$INET -P icmp -S \\\$ANY 8 -D \\\$LBC\"
            \}
          \}

          if \{\$\{general@blockXall\} != 0\} \{
            print
            print \"\# Block all Internet access to local network X servers\"
            print \$IPFWADM \"-I -a deny -o \\\$INET -P tcp \\\$OpenNewConn -S \\\$ANY -D \\\$ANY 6000:6005\"
          \} else \{
            if \{\$\{general@blockXftp\} != 0\} \{
              print
              print \"\# Block all Internet access from ftp-data port to local network X servers\"
              print \$IPFWADM \"-I -a deny -o \\\$INET -P tcp \\\$OpenNewConn -S \\\$ANY ftp-data -D \\\$ANY 6000:6005\"
            \}
          \}

        \}
      \}
    
"
set __ok(denyptp) "
      global IPFWADM
      global ISPPort
      global MatchService
      if \{\$IPFWADM == \"\" || \$ISPPort == \"\" || \$\{isp@on_internet\} == 0\} \{
        \# nothing
      \} else \{

        forevery deniedhosts \{

	  \# get the net mask for the host
	  regexp \{(\[0-9\]+): \} \$hostnetmask junk maskbits

	  if \{\[regexp \"\$MatchService\" \$denyservice junk serv port prot\]\} \{
	    \# retrieved from /etc/services
	    
	    set ACK \[pick \{\$prot == \"tcp\"\} \" \\\$ConnEstablished\" \"\"\]

	    if \{\$direction(index) == 0\} \{	\# inbound (specified host is SOURCE)
              if \{\$prot == \"icmp\"\} \{
                print \"\# Block ICMP message \$port (\$serv) traffic from Internet network/host \$hostIP to host \$localhostIP on the local net\"
                print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot -S \$hostIP/\$maskbits \$port -D \$localhostIP/32\"
                print \$IPFWADM \"-F -a deny \\\$LETH -P \$prot -S \$hostIP/\$maskbits \$port -D \$localhostIP/32\"
              \} else \{
	        print \"\# Block Internet network/host \$hostIP requests for \$prot service \$serv (port \$port) from host \$localhostIP on the local net\"
                print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot -S \$hostIP/\$maskbits -D \$localhostIP/32\" \$serv
                print \$IPFWADM \"-F -a deny -o \\\$LETH -P \$prot -S \$hostIP/\$maskbits -D \$localhostIP/32\" \$serv
                print \$IPFWADM \"-F -a reject -o \\\$INET -P \$prot\$ACK -D \$hostIP/\$maskbits -S \$localhostIP/32\" \$serv
                print \$IPFWADM \"-O -a reject -o \\\$INET -P \$prot\$ACK -D \$hostIP/\$maskbits -S \$localhostIP/32\" \$serv
              \}
	    \} else \{				\# outbound (specified host is DEST)
              if \{\$prot == \"icmp\"\} \{
	        print \"\# Block host \$localhostIP on the local net sending ICMP message \$port traffic (\$serv) to Internet network/host \$hostIP\"
                print \$IPFWADM \"-O -a reject \\\$INET -P \$prot -S \$localhostIP/32 \$port -D \$hostIP/\$maskbits\"
                print \$IPFWADM \"-F -a reject \\\$INET -P \$prot -S \$localhostIP/32 \$port -D \$hostIP/\$maskbits\"
              \} else \{
	        print \"\# Block host \$localhostIP on the local net requesting \$prot service \$serv (port \$port) from Internet network/host \$hostIP\"
                print \$IPFWADM \"-F -a reject \\\$INET -P \$prot -S \$localhostIP/32 -D \$hostIP/\$maskbits\" \$serv
                print \$IPFWADM \"-O -a reject \\\$INET -P \$prot -S \$localhostIP/32 -D \$hostIP/\$maskbits\" \$serv
                print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot\$ACK -D \$localhostIP/32 -S \$hostIP/\$maskbits\" \$serv
                print \$IPFWADM \"-F -a deny -o \\\$LETH -P \$prot\$ACK -D \$localhostIP/32 -S \$hostIP/\$maskbits\" \$serv
	      \}
	    \}

	    if \{\$serv == \"ftp\"\} \{
	      \# special handling for ftp-data \"reverse connection\"
	      if \{\$direction(index) == 0\} \{	\# inbound (specified host is SOURCE)
                print \$IPFWADM \"-F -a reject \\\$INET -P \$prot -S \$localhostIP/32 ftp-data -D \$hostIP/\$maskbits\"
                print \$IPFWADM \"-O -a reject \\\$INET -P \$prot -S \$localhostIP/32 ftp-data -D \$hostIP/\$maskbits\"
                print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot\$ACK -D \$localhostIP/32 ftp-data -S \$hostIP/\$maskbits\"
                print \$IPFWADM \"-F -a deny -o \\\$LETH -P \$prot\$ACK -D \$localhostIP/32 ftp-data -S \$hostIP/\$maskbits\"
	      \} else \{				\# outbound (specified host is DEST)
                print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot -S \$hostIP/\$maskbits ftp-data -D \$localhostIP/32\"
                print \$IPFWADM \"-F -a deny -o \\\$LETH -P \$prot -S \$hostIP/\$maskbits ftp-data -D \$localhostIP/32\"
                print \$IPFWADM \"-F -a reject \\\$INET -P \$prot\$ACK -D \$hostIP/\$maskbits ftp-data -S \$localhostIP/32\"
                print \$IPFWADM \"-O -a reject \\\$INET -P \$prot\$ACK -D \$hostIP/\$maskbits ftp-data -S \$localhostIP/32\"
	      \}
	    \}

          \} else \{

	    if \{\[regexp \{(\[0-9:\]+)/(tcp|udp|icmp)\} \$denyservice junk port prot\]\} \{
	      \# typed in by user

	      set ACK \[pick \{\$prot == \"tcp\"\} \" \\\$ConnEstablished\" \"\"\]

	      if \{\$direction(index) == 0\} \{	\# inbound (specified host is SOURCE)
                if \{\$prot == \"icmp\"\} \{
                  print \"\# Block ICMP message \$port traffic from Internet network/host \$hostIP to host \$localhostIP on the local net\"
                  print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot -S \$hostIP/\$maskbits \$port -D \$localhostIP/32\"
                  print \$IPFWADM \"-F -a deny -o \\\$LETH -P \$prot -S \$hostIP/\$maskbits \$port -D \$localhostIP/32\"
                \} else \{
	          print \"\# Block Internet network/host \$hostIP requests for \$prot service on port \$port from host \$localhostIP on the local net\"
                  print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot -S \$hostIP/\$maskbits -D \$localhostIP/32\" \$port
                  print \$IPFWADM \"-F -a deny -o \\\$LETH -P \$prot -S \$hostIP/\$maskbits -D \$localhostIP/32\" \$port
                  print \$IPFWADM \"-F -a reject \\\$INET -P \$prot\$ACK -D \$hostIP/\$maskbits -S \$localhostIP/32\" \$port
                  print \$IPFWADM \"-O -a reject \\\$INET -P \$prot\$ACK -D \$hostIP/\$maskbits -S \$localhostIP/32\" \$port
	        \}
	      \} else \{				\# outbound (specified host is DEST)
                if \{\$prot == \"icmp\"\} \{
	          print \"\# Block host \$localhostIP on the local net ICMP message \$port traffic to Internet network/host \$hostIP\"
                  print \$IPFWADM \"-O -a reject \\\$INET -P \$prot -S \$localhostIP/32 \$port -D \$hostIP/\$maskbits\"
                  print \$IPFWADM \"-F -a reject \\\$INET -P \$prot -S \$localhostIP/32 \$port -D \$hostIP/\$maskbits\"
                \} else \{
	          print \"\# Block host \$localhostIP on the local net requests for \$prot service on port \$port from Internet network/host \$hostIP\"
                  print \$IPFWADM \"-F -a reject \\\$INET -P \$prot -S \$localhostIP/32 -D \$hostIP/\$maskbits\" \$port
                  print \$IPFWADM \"-O -a reject \\\$INET -P \$prot -S \$localhostIP/32 -D \$hostIP/\$maskbits\" \$port
                  print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot\$ACK -D \$localhostIP/32 -S \$hostIP/\$maskbits\" \$port
                  print \$IPFWADM \"-F -a deny -o \\\$LETH -P \$prot\$ACK -D \$localhostIP/32 -S \$hostIP/\$maskbits\" \$port
	        \}
	      \}

            \} else \{
              print \"\# Syntax error on host \$hostIP: service \\\"\$denyservice\\\" unparseable.\"
            \}
	  \}
        \}
      \}
    
"
set __ok(denyservicesglobal) "
      global IPFWADM
      global ISPPort
      global LocalNetIP
      global MatchService
      if \{\$IPFWADM == \"\" || \$ISPPort == \"\"\} \{
        \# nothing
      \} else \{

        forevery deniedservices \{

	  if \{\[regexp \"\$MatchService\" \$denyservice junk serv port prot\]\} \{
	    \# retrieved from /etc/services

	    if \{\$direction(index) == 0\} \{
              if \{\$prot == \"icmp\"\} \{
                print \"\# Block inbound ICMP message \$port (\$serv) traffic\"
                print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot -S \\\$ANY \$port -D \\\$ANY\"
              \} else \{
	        if \{\$prot == \"tcp\"\} \{
	          print \"\# Allow established inbound \$prot service \$serv (port \$port) traffic\"
                  print \$IPFWADM \"-I -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \\\$ANY -D \\\$ANY\" \$serv
                  if \{\$\{isp@on_internet\}\} \{
		    if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot \\\$ConnEstablished -S \\\$ANY -D \\\$ANY\" \$serv
		    \}
                  \}
	        \}
                print \"\# Block new inbound \$prot service \$serv (port \$port) traffic\"
                print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot -S \\\$ANY -D \\\$ANY\" \$serv
              \}
	    \} else \{
              if \{\$prot == \"icmp\"\} \{
                print \"\# Block outbound ICMP message \$port (\$serv) traffic\"
                if \{\$\{isp@on_internet\}\} \{
	          if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                    print \$IPFWADM \"-F -a reject \\\$INET -P \$prot -S \\\$ANY \$port -D \\\$ANY\"
	          \}
                \}
                print \$IPFWADM \"-O -a reject \\\$INET -P \$prot -S \\\$ANY \$port -D \\\$ANY\"
              \} else \{
	        if \{\$prot == \"tcp\"\} \{
	          print \"\# Allow established outbound \$prot service \$serv (port \$port) traffic\"
                  if \{\$\{isp@on_internet\}\} \{
		    if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-F -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \\\$ANY -D \\\$ANY\" \$serv
		    \}
                  \}
                  print \$IPFWADM \"-O -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \\\$ANY -D \\\$ANY\" \$serv
	        \}
	        print \"\# Block new outbound \$prot service \$serv (port \$port) traffic\"
                if \{\$\{isp@on_internet\}\} \{
	          if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                    print \$IPFWADM \"-F -a reject \\\$INET -P \$prot -S \\\$ANY -D \\\$ANY\" \$serv
	          \}
                \}
                print \$IPFWADM \"-O -a reject \\\$INET -P \$prot -S \\\$ANY -D \\\$ANY\" \$serv
              \}
	    \}

          \} else \{

	    if \{\[regexp \{(\[0-9:\]+)/(tcp|udp|icmp)\} \$denyservice junk port prot\]\} \{
	      \# typed in by user

	      if \{\$direction(index) == 0\} \{
                if \{\$prot == \"icmp\"\} \{
                  print \"\# Block inbound ICMP message \$port traffic\"
                  print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot -S \\\$ANY \$port -D \\\$ANY\"
                \} else \{
	          if \{\$prot == \"tcp\"\} \{
	            print \"\# Allow established inbound \$prot service on port \$port traffic\"
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \\\$ANY -D \\\$ANY\" \$port
                    if \{\$\{isp@on_internet\}\} \{
		      if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                        print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot \\\$ConnEstablished -S \\\$ANY -D \\\$ANY\" \$port
		      \}
                    \}
	          \}
	          print \"\# Block new inbound \$prot service on port \$port traffic\"
                  print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot -S \\\$ANY -D \\\$ANY\" \$port
                \}
	      \} else \{
                if \{\$prot == \"icmp\"\} \{
                  print \"\# Block outbound ICMP message \$port traffic\"
                  if \{\$\{isp@on_internet\}\} \{
	            if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-F -a reject \\\$INET -P \$prot -S \\\$ANY \$port -D \\\$ANY\"
	            \}
                  \}
                  print \$IPFWADM \"-O -a reject \\\$INET -P \$prot -S \\\$ANY \$port -D \\\$ANY\"
                \} else \{
	          if \{\$prot == \"tcp\"\} \{
	            print \"\# Allow established outbound \$prot service on port \$port traffic\"
                    if \{\$\{isp@on_internet\}\} \{
		      if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                        print \$IPFWADM \"-F -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \\\$ANY -D \\\$ANY\" \$port
		      \}
                    \}
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \\\$ANY -D \\\$ANY\" \$port
	          \}
	          print \"\# Block new outbound \$prot service on port \$port traffic\"
                  if \{\$\{isp@on_internet\}\} \{
	            if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-F -a reject \\\$INET -P \$prot -S \\\$ANY -D \\\$ANY\" \$port
	            \}
                  \}
                  print \$IPFWADM \"-O -a reject \\\$INET -P \$prot -S \\\$ANY -D \\\$ANY\" \$port
                \}
	      \}

            \} else \{
	      if \{\$denyservice != \"\"\} \{
	        print \"\# Syntax error: service \\\"\$denyservice\\\" unparseable.\"
	      \}
	    \}
	  \}
        \}
      \}
    
"
set __ok(general) "
    	global IPFWADM
	if \{\$IPFWADM == \"\"\} \{
	  print \"echo 'ipfwadm not found. Ensure it is installed and that it is on your PATH.'\"
	  print \"exit 1\"
	\} else \{
          global LocalEth
    	  global LocalNetIP
	  global LocalNetMask
          global InetEth
	  global ISPPort
          set ISPPort \"\"
	  global DialdPort
	  set DialdPort \"\"
	  global UseIPUP
	  set UseIPUP 0
	  global InetIP
	  global InetIPValid
	  set InetIP \"\"
	  set InetIPValid 0
          if \{\$\{isp@on_internet\}\} \{
	    set ISPTypeID \[set isp@connection_type(index)\]
          \} else \{
	    set ISPTypeID -1
	    print \"\# Standalone (not directly connected to the Internet)\"
	    set ISPPort \"-V \$LocalNetIP -W \$LocalEth\"
	    set InetIP \"\$LocalNetIP/32\"
            set InetIPValid 1
          \}
          if \{\$ISPTypeID == 0\} \{
	    print \"\# dialup ISP via PPP, dynamic IP address\"
	    set ISPPort \"-W ppp0\"
	    \# no way to know or determine at runtime - loose
	    set InetIP \"\\\$ANY\"
            set InetIPValid 0
          \}
          if \{\$ISPTypeID == 1\} \{
	    print \"\# dialup ISP via PPP, dynamic IP address, diald\"
	    set ISPPort \"-W ppp0\"
	    \# we should figure this out dynamically rather than hard coding it...
	    set DialdPort \"-W sl0\"
	    \# no way to know or determine at runtime - loose
	    set InetIP \"\\\$ANY\"
            set InetIPValid 0
          \}
          if \{\$ISPTypeID == 2\} \{
	    print \"\# dialup ISP via PPP, dynamic IP address\"
	    \# fourth arg to ip-up is our Internet IP address, first is network device
	    set ISPPort \"-V \\\$\\\{4\\\} -W \\\$\\\{1\\\}\"
	    set UseIPUP 1
	    set InetIP \"\\\$\\\{4\\\}/32\"
            set InetIPValid 1
          \}
          if \{\$ISPTypeID == 3\} \{
	    print \"\# dialup ISP via PPP, dynamic IP address, diald\"
	    \# fourth arg to ip-up is our Internet IP address, first is network device
	    set ISPPort \"-V \\\$\\\{4\\\} -W \\\$\\\{1\\\}\"
	    set UseIPUP 1
	    \# we should figure this out dynamically rather than hard coding it...
	    set DialdPort \"-W sl0\"
	    set UseIPUP 1
	    set InetIP \"\\\$\\\{4\\\}/32\"
            set InetIPValid 1
          \}
          if \{\$ISPTypeID == 4\} \{
	    set ISPIP \[set isp@ISPIP\]
	    print \"\# dialup ISP via PPP, static IP address (\$ISPIP)\"
	    set ISPPort \"-V \$ISPIP\"
	    set InetIP \"\$ISPIP/32\"
            set InetIPValid 1
          \}
          if \{\$ISPTypeID == 5\} \{
	    set ISPIP \[set isp@ISPIP\]
	    print \"\# dialup ISP via PPP, static IP address (\$ISPIP)\"
	    set ISPPort \"-V \$ISPIP\"
	    \# we should figure this out dynamically rather than hard coding it...
	    set DialdPort \"-W sl0\"
	    set InetIP \"\$ISPIP/32\"
            set InetIPValid 1
          \}
          if \{\$ISPTypeID == 6\} \{
	    print \"\# Multihomed (Internet on \$InetEth)\"
	    set ISPPort \"-W \$InetEth\"
	    \# figure out the network address of \$InetEth interface
            set inetethconfig \"\"
            catch \{
              set inetethconfig \[exec /sbin/ifconfig \$InetEth\]
            \}
            if \{\[regexp \{\[0-9\]+\\.\[0-9\]+\\.\[0-9\]+\\.\[0-9\]+\} \$inetethconfig\]\} \{
              \# the following will break, of course, should the output of ifconfig change radically
              \# this script is based on the ifconfig in net-tools-1.32.alpha-2
	      set inetethIP \"\"
              regexp \{inet addr:(\[0-9\]+\\.\[0-9\]+\\.\[0-9\]+\\.\[0-9\]+)\} \$inetethconfig junk inetethIP
	      set InetIP \"\$inetethIP/32\"
              set InetIPValid 1
            \} else \{
	      print \"\# Unable to determine \$InetEth IP address. Check hardware configuration.\"
	      print \"\# Firewall configuration will be loose.\"
	      set InetIP \"\\\$ANY\"
              set InetIPValid 0
            \}
          \}
          if \{\$ISPTypeID == 7\} \{
	    print \"\# ISDN ISP via PPP, dynamic IP address\"
	    set ISPPort \"-W ippp0\"
	    \# no way to know or determine at runtime - loose
	    set InetIP \"\\\$ANY\"
            set InetIPValid 0
          \}
          if \{\$ISPTypeID == 8\} \{
	    print \"\# ISDN ISP via PPP, dynamic IP address, diald\"
	    set ISPPort \"-W ippp0\"
	    \# we should figure this out dynamically rather than hard coding it...
	    set DialdPort \"-W sl0\"
	    \# no way to know or determine at runtime - loose
	    set InetIP \"\\\$ANY\"
            set InetIPValid 0
          \}
          if \{\$ISPTypeID == 9\} \{
	    set ISPIP \[set isp@ISPIP\]
	    print \"\# ISDN ISP via PPP, static IP address (\$ISPIP)\"
	    set ISPPort \"-V \$ISPIP\"
	    set InetIP \"\$ISPIP/32\"
            set InetIPValid 1
          \}
          if \{\$ISPTypeID == 10\} \{
	    set ISPIP \[set isp@ISPIP\]
	    print \"\# ISDN ISP via PPP, static IP address (\$ISPIP)\"
	    set ISPPort \"-V \$ISPIP\"
	    \# we should figure this out dynamically rather than hard coding it...
	    set DialdPort \"-W sl0\"
	    set InetIP \"\$ISPIP/32\"
            set InetIPValid 1
          \}
          if \{\$ISPTypeID == 11\} \{
	    set ISPIP \[set isp@ISPIP\]
	    print \"\# ISP via SLIP, static IP address (\$ISPIP)\"
	    set ISPPort \"-W sl0 -V \$ISPIP\"
	    set InetIP \"\$ISPIP/32\"
            set InetIPValid 1
          \}
          if \{\$ISPTypeID == 12\} \{
	    set ISPIP \[set isp@ISPIP\]
	    print \"\# ISP via SLIP, static IP address (\$ISPIP)\"
	    set ISPPort \"-W sl1 -V \$ISPIP\"
	    \# we should figure this out dynamically rather than hard coding it...
	    set DialdPort \"-W sl0\"
	    set InetIP \"\$ISPIP/32\"
            set InetIPValid 1
          \}
	  if \{\$ISPPort == \"\"\} \{
	    print \"echo 'WARNING! Internal error in ipfwadm module for dotfile.' >&2\"
	    print \"echo 'Please contact the author with the following information:' >&2\"
	    print \"echo '\\\$connection_type(index) of\" \$ISPTypeID \"is not supported.' >&2\"
	    print \"exit 1\"
	  \} else \{
	    if \{\$UseIPUP\} \{
	      print \"\# NOTICE: This file must be placed in or called by /etc/ppp/ip-up.\"
              print \"\#\"
              print \"\# It is suggested that you put this script in /etc/ppp/firewall to make\"
              print \"\# maintenance easier, and call it from within /etc/ppp/ip-up:\"
	      print \"\#\"
	      print \"\#     . /etc/ppp/firewall\"
	      print \"\#\"
	      print \"\# If you are supporting inbound PPP users you may want to use the \\\"ipparam\\\"\"
	      print \"\# option on the pppd command line you use to connect to your ISP, then put\"
	      print \"\# the firewall call inside an if-then like:\"
	      print \"\#     if \\\[ \\\"\\\$6\\\" = \\\"whatever-flag-you-choose\\\" \]\"
	      print \"\#     then\"
              print \"\#       . /etc/ppp/firewall\"
	      print \"\#     fi\"
	      print \"\# so that user dialins don't mess with the firewall setup.\"
              print \"\#\"
              print \"\# see http://www.wolfenet.com/~jhardin/ipfwadm/invocation.html for details\"
	      print \"\#\"
	      print
	    \}

	    print \"\# Initialization\"
	    print
	    print \"\# Define some variables to make things a bit clearer below\"
	    print \"\# Any system anywhere\"
	    print \"export ANY=\\\"0.0.0.0/0\\\"\"
	    print \"\# The Internet connection\"
	    print \"export INET=\\\"\$ISPPort\\\"\"
	    if \{ \$LocalNetIP != \"\" \} \{
	      print \"\# The local network port\"
	      print \"export LETH=\\\"-V \$LocalNetIP -W \$LocalEth\\\"\"
	      print \"\# The local network\"
              if \{ \[IsAddressPrivate \"\$LocalNetIP/\$LocalNetMask\"\] && \$classmask \} \{
                if \{ \[MaskNetwork \"\$LocalNetIP/8\"\] == \"10.0.0.0\" \} \{
	          print \"export LNET=\\\"10.0.0.0/8\\\"\"
                \} elseif \{ \[MaskNetwork \"\$LocalNetIP/12\"\] == \"172.16.0.0\" \} \{
	          print \"export LNET=\\\"172.16.0.0/12\\\"\"
                \} elseif \{ \[MaskNetwork \"\$LocalNetIP/16\"\] == \"192.168.0.0\" \} \{
	          print \"export LNET=\\\"192.168.0.0/16\\\"\"
                \}
              \} else \{
	        print \"export LNET=\\\"\[MaskNetwork \"\$LocalNetIP/\$LocalNetMask\"\]/\$LocalNetMask\\\"\"
              \}
	      print \"\# The firewall (this system on the local network)\"
	      print \"export FWALL=\\\"\$LocalNetIP/32\\\"\"
              print \"\# The local network broadcast address\"
              print \"export LBC=\\\"\[BroadcastAddress \"\$LocalNetIP/\$LocalNetMask\"\]/32\\\"\"
	    \}
	    if \{ \$InetIP != \"\" \} \{
	      print \"\# The firewall's Internet address (if known or determinable)\"
	      print \"export INET_IP=\\\"\$InetIP\\\"\"
	    \}
	    print \"\# Some ipfwadm flags for the TCP protocol\"
	    print \"export OpenNewConn=\\\"-y\\\"\"
	    print \"export ConnEstablished=\\\"-k\\\"\"
	    print
	    print \"\# Reset to known state\"
	    print \$IPFWADM \"-I -f           \# flush existing input rules\"
	    print \$IPFWADM \"-O -f           \# flush existing output rules\"
	    print \$IPFWADM \"-F -f           \# flush existing forwarding rules\"
	    print
            print \"\# Set default policy\"
	    if \{\$defaultpolicy(index) == 1\} \{
              \# default policy: ALLOW
	      if \{\$blockinettcp\} \{
	        print \"\# NOTE: default for Internet TCP traffic is DENY (see below)\"
	      \}
	      if \{\$blockinetudp\} \{
	        print \"\# NOTE: default for Internet UDP traffic is DENY (see below)\"
	      \}
              print \"\# default deny until firewall setup is completed...\"
	      print \$IPFWADM \"-I -p deny\"
	      print \$IPFWADM \"-O -p deny\"
	      if \{\$\{masq@masquerade\} && \$\{isp@on_internet\}\} \{
	        print
	        print \"\# Default forwarding policy set to DENY due to masquerading.\"
	        print \"\# It is strongly recommended you not change this,\"
	        print \"\# because if you masquerade and forward by default,\"
	        print \"\# then you can also masquerade traffic coming FROM the\"
	        print \"\# Internet and thus contribute to cracking attempts\"
	        print \"\# against both your site and others.\"
	        print \"\# If this masquerading firewall also needs to forward\"
	        print \"\# traffic without masquerading, you'll need to hand-enter\"
	        print \"\# the forwarding rules (for now).\"
              \}
	      print \$IPFWADM \"-F -p deny\"
	    \} else \{
              \# default policy: DENY
	      print \$IPFWADM \"-I -p deny\"
	      print \$IPFWADM \"-O -p deny\"
	      print \$IPFWADM \"-F -p deny\"
	    \}

          \}
        \}
    
"
set __ok(allowhosts) "
      global IPFWADM
      global ISPPort
      global LocalNetIP
      global PERL
      global ParseIP
      global MatchService
      if \{\$IPFWADM == \"\" || \$ISPPort == \"\"\} \{
        \# nothing
      \} else \{

        forevery allowedhosts \{

          \# If host IP is actually a filename, then parse the IP addresses from the file
          set fromfile 0
          if \{\[file exists \$hostIP\]\} \{
            if \{\$PERL != \"\"\} \{
              set fromfile 1
              set host \"\\\$IP_TO_ALLOW\"
              print
              print \"\# process Internet host permissions from file \$hostIP\"
              print \"if \\\[ -s \$hostIP \]\"
              print \"then\"
              print \"  \$PERL -n -e '\$ParseIP' \$hostIP | \\\\\"
              print \"  while read IP_TO_ALLOW\"
              print \"  do\"
            \} else \{
              print
              print \"\# perl not found - cannot set Internet host rules from \$hostIP.\"
              print \"\# Install perl, then regenerate the firewall file.\"
	      \# generate do-nothing rules
	      set host \"0.0.0.0/32\"
            \}
          \} else \{
	    \# get the net mask for the host
	    regexp \{(\[0-9\]+): \} \$hostnetmask junk maskbits
            set host \"\$hostIP/\$maskbits\"
	  \}

	  if \{\[regexp \"\$MatchService\" \$allowservice junk serv port prot\]\} \{
	    \# retrieved from /etc/services
	    
	    set ACK \[pick \{\$prot == \"tcp\"\} \" \\\$ConnEstablished\" \"\"\]

	    if \{\$direction(index) == 0\} \{	\# inbound (specified host is SOURCE)
              if \{\$prot == \"icmp\"\} \{
                print \"\# Allow ICMP message \$port (\$serv) traffic from Internet network/host \$host to anyone on the local net\"
                print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \$host \$port -D \\\$INET_IP\"
                if \{\$\{isp@on_internet\}\} \{
	          if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \$host \$port -D \\\$LNET\"
                    print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \$host \$port -D \\\$LNET\"
                  \}
	        \}
              \} else \{
	        print \"\# allow Internet network/host \$host to request \$prot service \$serv (port \$port) from anyone on the local net\"
                print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \$host -D \\\$INET_IP\" \$serv
                print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \$host -S \\\$INET_IP\" \$serv
                if \{\$\{isp@on_internet\}\} \{
	          if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \$host -D \\\$LNET\" \$serv
                    print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \$host -D \\\$LNET\" \$serv
                    print \$IPFWADM \"-F -a accept \\\$INET -P \$prot\$ACK -D \$host -S \\\$LNET\" \$serv
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \$host -S \\\$LNET\" \$serv
                  \}
	        \}
              \}
	    \} else \{				\# outbound (specified host is DEST)
              if \{\$prot == \"icmp\"\} \{
	        print \"\# Allow anyone on the local net to send ICMP message \$port traffic (\$serv) to Internet network/host \$host\"
                print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$INET_IP \$port -D \$host\"
                if \{\$\{isp@on_internet\}\} \{
	          if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$LNET \$port -D \$host\"
                    print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \\\$LNET \$port -D \$host\"
	          \}
	        \}
              \} else \{
	        print \"\# allow anyone on the local net to request \$prot service \$serv (port \$port) from Internet network/host \$host\"
                print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$INET_IP -D \$host\" \$serv
                print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \\\$INET_IP -S \$host\" \$serv
                if \{\$\{isp@on_internet\}\} \{
	          if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$LNET -D \$host\" \$serv
                    print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \\\$LNET -D \$host\" \$serv
                    print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot\$ACK -D \\\$LNET -S \$host\" \$serv
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \\\$LNET -S \$host\" \$serv
                  \}
	        \}
	      \}
	    \}

	    if \{\$serv == \"ftp\"\} \{
	      \# special handling for ftp-data \"reverse connection\"
	      if \{\$direction(index) == 0\} \{	\# inbound (specified host is SOURCE)
                print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$INET_IP ftp-data -D \$host 1024:65535 -t 0x00 0x08\"
                print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \\\$INET_IP ftp-data -S \$host 1024:65535 -t 0x00 0x08\"
                if \{\$\{isp@on_internet\}\} \{
	          if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$LNET ftp-data -D \$host 1024:65535\"
                    print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \\\$LNET ftp-data -D \$host 1024:65535\"
                    print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot\$ACK -D \\\$LNET ftp-data -S \$host 1024:65535\"
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \\\$LNET ftp-data -S \$host 1024:65535\"
                  \}
	        \}
	      \} else \{				\# outbound (specified host is DEST)
                print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \$host ftp-data -D \\\$INET_IP 1024:65535 -t 0x00 0x08\"
                print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \$host ftp-data -S \\\$INET_IP 1024:65535 -t 0x00 0x08\"
                if \{\$\{isp@on_internet\}\} \{
	          if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \$host ftp-data -D \\\$LNET 1024:65535\"
                    print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \$host ftp-data -D \\\$LNET 1024:65535\"
                    print \$IPFWADM \"-F -a accept \\\$INET -P \$prot\$ACK -D \$host ftp-data -S \\\$LNET 1024:65535\"
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \$host ftp-data -S \\\$LNET 1024:65535\"
	          \}
	        \}
	      \}
	    \}

          \} else \{

	    if \{\[regexp \{(\[0-9:\]+)/(tcp|udp|icmp)\} \$allowservice junk port prot\]\} \{
	      \# typed in by user

	      set ACK \[pick \{\$prot == \"tcp\"\} \" \\\$ConnEstablished\" \"\"\]

	      if \{\$direction(index) == 0\} \{	\# inbound (specified host is SOURCE)
                if \{\$prot == \"icmp\"\} \{
                  print \"\# Allow ICMP message \$port traffic from Internet network/host \$host to anyone on the local net\"
                  print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \$host \$port -D \\\$INET_IP\"
                  if \{\$\{isp@on_internet\}\} \{
	            if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \$host \$port -D \\\$LNET\"
                      print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \$host \$port -D \\\$LNET\"
                    \}
                  \}
                \} else \{
	          print \"\# allow Internet network/host \$host to request \$prot service on port \$port from anyone on the local net\"
                  print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \$host -D \\\$INET_IP\" \$port
                  print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \$host -S \\\$INET_IP\" \$port
                  if \{\$\{isp@on_internet\}\} \{
	            if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \$host -D \\\$LNET\" \$port
                      print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \$host -D \\\$LNET\" \$port
                      print \$IPFWADM \"-F -a accept \\\$INET -P \$prot\$ACK -D \$host -S \\\$LNET\" \$port
                      print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \$host -S \\\$LNET\" \$port
                    \}
	          \}
	        \}
	      \} else \{				\# outbound (specified host is DEST)
                if \{\$prot == \"icmp\"\} \{
	          print \"\# Allow anyone on the local net to send ICMP message \$port traffic to Internet network/host \$host\"
                  print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$INET_IP \$port -D \$host\"
                  if \{\$\{isp@on_internet\}\} \{
	            if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$LNET \$port -D \$host\"
                      print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \\\$LNET \$port -D \$host\"
                    \}
	          \}
                \} else \{
	          print \"\# allow anyone on the local net to request \$prot service on port \$port from Internet network/host \$host\"
                  print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$INET_IP -D \$host\" \$port
                  print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \\\$INET_IP -S \$host\" \$port
                  if \{\$\{isp@on_internet\}\} \{
		    if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$LNET -D \$host\" \$port
                      print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \\\$LNET -D \$host\" \$port
                      print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot\$ACK -D \\\$LNET -S \$host\" \$port
                      print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \\\$LNET -S \$host\" \$port
                    \}
	          \}
	        \}
	      \}

            \} else \{
              print \"\# Syntax error on host \$host: service \\\"\$allowservice\\\" unparseable.\"
            \}
	  \}

          if \{\$fromfile != 0\} \{
            print \"  done\"
            print \"fi\"
            print
          \}
        \}
      \}
    
"
set __ok(denyhosts) "
      global IPFWADM
      global ISPPort
      global LocalNetIP
      global PERL
      global ParseIP
      global MatchService
      if \{\$IPFWADM == \"\" || \$ISPPort == \"\"\} \{
        \# nothing
      \} else \{

        forevery deniedhosts \{

          regexp \{(\[0-9\]+): \} \$hostnetmask junk maskbits

	  if \{\[regexp \"\$MatchService\" \$denyservice junk serv port prot\]\} \{
            \# retrieved from /etc/services

            if \{\$direction(index) == 0\} \{	\# inbound (specified host is SOURCE)
              if \{\$prot == \"icmp\"\} \{
                print \"\# Block ICMP message \$port (\$serv) traffic from Internet network/host \$hostIP\"
                print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot -S \$hostIP/\$maskbits \$port -D \\\$ANY\"
              \} else \{
                if \{\$prot == \"tcp\"\} \{
                  print \"\# Allow established \$prot service \$serv (port \$port) traffic from Internet network/host \$hostIP\"
                  print \$IPFWADM \"-I -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \$hostIP/\$maskbits -D \\\$ANY\" \$serv
                  if \{\$\{isp@on_internet\}\} \{
        	    if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot \\\$ConnEstablished -S \$hostIP/\$maskbits -D \\\$ANY\" \$serv
        	    \}
        	  \}
                \}
                print \"\# Block new \$prot service \$serv (port \$port) traffic from Internet network/host \$hostIP\"
                print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot -S \$hostIP/\$maskbits -D \\\$ANY\" \$serv
              \}
            \} else \{				\# outbound (specified host is DEST)
              if \{\$prot == \"icmp\"\} \{
                print \"\# Block ICMP message \$port (\$serv) traffic to Internet network/host \$hostIP\"
                print \$IPFWADM \"-O -a reject \\\$INET -P \$prot -S \\\$ANY \$port -D \$hostIP/\$maskbits\"
                if \{\$\{isp@on_internet\}\} \{
        	  if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                    print \$IPFWADM \"-F -a reject \\\$INET -P \$prot -S \\\$ANY \$port -D \$hostIP/\$maskbits\"
        	  \}
        	\}
              \} else \{
                if \{\$prot == \"tcp\"\} \{
                  print \"\# Allow established \$prot service \$serv (port \$port) traffic to Internet network/host \$hostIP\"
                  if \{\$\{isp@on_internet\}\} \{
        	    if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-F -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \\\$ANY -D \$hostIP/\$maskbits\" \$serv
        	    \}
        	  \}
                  print \$IPFWADM \"-O -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \\\$ANY -D \$hostIP/\$maskbits\" \$serv
                \}
                print \"\# Block new \$prot service \$serv (port \$port) traffic to Internet network/host \$hostIP\"
                if \{\$\{isp@on_internet\}\} \{
                  if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                    print \$IPFWADM \"-F -a reject \\\$INET -P \$prot -S \\\$ANY -D \$hostIP/\$maskbits\" \$serv
                  \}
                \}
                print \$IPFWADM \"-O -a reject \\\$INET -P \$prot -S \\\$ANY -D \$hostIP/\$maskbits\" \$serv
              \}
            \}

          \} else \{

            if \{\[regexp \{(\[0-9:\]+)/(tcp|udp|icmp)\} \$denyservice junk port prot\]\} \{
              \# typed in by user

              if \{\$direction(index) == 0\} \{	\# inbound (specified host is SOURCE)
                if \{\$prot == \"icmp\"\} \{
                  print \"\# Block ICMP message \$port traffic from Internet network/host \$hostIP\"
                  print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot -S \$hostIP/\$maskbits \$port -D \\\$ANY\"
                \} else \{
                  if \{\$prot == \"tcp\"\} \{
                    print \"\# Allow established \$prot service on port \$port traffic from Internet network/host \$hostIP\"
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \$hostIP/\$maskbits -D \\\$ANY\" \$port
                    if \{\$\{isp@on_internet\}\} \{
        	      if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                        print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot \\\$ConnEstablished -S \$hostIP/\$maskbits -D \\\$ANY\" \$port
        	      \}
                    \}
                  \}
                  print \"\# Block new \$prot service on port \$port traffic from Internet network/host \$hostIP\"
                  print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot -S \$hostIP/\$maskbits -D \\\$ANY\" \$port 
                \}
              \} else \{				\# outbound (specified host is DEST)
                if \{\$prot == \"icmp\"\} \{
                  print \"\# Block ICMP message \$port traffic to Internet network/host \$hostIP\"
                  print \$IPFWADM \"-O -a reject \\\$INET -P \$prot -S \\\$ANY \$port -D \$hostIP/\$maskbits\"
                  if \{\$\{isp@on_internet\}\} \{
        	    if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-F -a reject \\\$INET -P \$prot -S \\\$ANY \$port -D \$hostIP/\$maskbits\"
        	    \}
        	  \}
                \} else \{
                  if \{\$prot == \"tcp\"\} \{
                    print \"\# Allow established \$prot service on port \$port traffic to Internet network/host \$hostIP\"
                    if \{\$\{isp@on_internet\}\} \{
        	      if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                        print \$IPFWADM \"-F -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \\\$ANY -D \$hostIP/\$maskbits\" \$port
        	      \}
        	    \}
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \\\$ANY -D \$hostIP/\$maskbits\" \$port
                  \}
                  print \"\# Block new \$prot service on port \$port traffic to Internet network/host \$hostIP\"
                  if \{\$\{isp@on_internet\}\} \{
                    if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-F -a reject \\\$INET -P \$prot -S \\\$ANY -D \$hostIP/\$maskbits\" \$port
                    \}
                  \}
                  print \$IPFWADM \"-O -a reject \\\$INET -P \$prot -S \\\$ANY -D \$hostIP/\$maskbits\" \$port 
                \}
              \}

            \} else \{

              if \{\$denyservice == \"\"\} \{
                if \{\$direction(index) == 0\} \{	\# inbound (specified host is SOURCE)
                  print \"\# Allow established tcp traffic from Internet network/host \$hostIP\"
                  print \$IPFWADM \"-I -a accept \\\$INET -P tcp \\\$ConnEstablished -S \$hostIP/\$maskbits -D \\\$ANY 1:65535\"
                  if \{\$\{isp@on_internet\}\} \{
        	    if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-F -a accept \\\$LETH -P tcp \\\$ConnEstablished -S \$hostIP/\$maskbits -D \\\$ANY 1:65535\"
                    \}
                  \}
                  print \"\# Block traffic from Internet network/host \$hostIP\"
                  print \$IPFWADM \"-I -a deny -o \\\$INET -P tcp -S \$hostIP/\$maskbits -D \\\$ANY 1:65535\"
                  print \$IPFWADM \"-I -a deny -o \\\$INET -P udp -S \$hostIP/\$maskbits -D \\\$ANY 1:65535\"
                \} else \{				\# outbound (specified host is DEST)
                  print \"\# Allow established tcp traffic to Internet network/host \$hostIP\"
                  if \{\$\{isp@on_internet\}\} \{
        	    if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-F -a accept \\\$INET -P tcp \\\$ConnEstablished -S \\\$ANY -D \$hostIP/\$maskbits 1:65535\"
        	    \}
        	  \}
                  print \$IPFWADM \"-O -a accept \\\$INET -P tcp \\\$ConnEstablished -S \\\$ANY -D \$hostIP/\$maskbits 1:65535\"
                  print \"\# Block traffic to Internet network/host \$hostIP\"
                  if \{\$\{isp@on_internet\}\} \{
                    if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-F -a reject \\\$INET -P tcp -S \\\$ANY -D \$hostIP/\$maskbits 1:65535\"
                      print \$IPFWADM \"-F -a reject \\\$INET -P udp -S \\\$ANY -D \$hostIP/\$maskbits 1:65535\"
                    \}
                  \}
                  print \$IPFWADM \"-O -a reject \\\$INET -P tcp -S \\\$ANY -D \$hostIP/\$maskbits 1:65535\"
                  print \$IPFWADM \"-O -a reject \\\$INET -P udp -S \\\$ANY -D \$hostIP/\$maskbits 1:65535\"
                \}

              \} else \{
                print \"\# Syntax error on host \$hostIP: service \\\"\$denyservice\\\" unparseable.\"
              \}
            \}
          \}
        \}
      \}
      
      if \{\$PERL != \"\" && \$UseHTTPBlockList\} \{
        if \{\[file exists \$HTTPBlockListFile\]\} \{
          print
          print \"\# process the HTTP Block List file\"
          print \"if \\\[ -s \$HTTPBlockListFile \]\"
          print \"then\"
          print \"  \$PERL -n -e '\$ParseIP' \$HTTPBlockListFile | \\\\\"
          print \"  while read IP_TO_BLOCK\"
          print \"  do\"
          print \"    \# Allow established HTTP traffic to Internet network/host\"
          if \{\$\{isp@on_internet\}\} \{
            if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
              print \"    \$IPFWADM -F -a accept \\\$INET -P tcp \\\$ConnEstablished -S \\\$ANY -D \\\$IP_TO_BLOCK http\"
            \}
          \}
          print \"    \$IPFWADM -O -a accept \\\$INET -P tcp \\\$ConnEstablished -S \\\$ANY -D \\\$IP_TO_BLOCK http\"
          print \"    \# Block new HTTP traffic to Internet network/host\"
          if \{\$\{isp@on_internet\}\} \{
            if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
              print \"    \$IPFWADM -F -a reject \\\$INET -P tcp -S \\\$ANY -D \\\$IP_TO_BLOCK http\"
            \}
          \}
          print \"    \$IPFWADM -O -a reject \\\$INET -P tcp -S \\\$ANY -D \\\$IP_TO_BLOCK http\"
          print \"  done\"
          print \"fi\"
        \} else \{
          print
          print \"\# HTTP Block List file \$HTTPBlockListFile not found.\"
          print \"\# Create it, then regenerate the firewall file.\"
        \}
      \}

      if \{\$PERL != \"\" && \$UseSMTPBlockList\} \{
        if \{\[file exists \$SMTPBlockListFile\]\} \{
          print
          print \"\# process the SMTP Block List file\"
          print \"if \\\[ -s \$SMTPBlockListFile \]\"
          print \"then\"
          print \"  \$PERL -n -e '\$ParseIP' \$SMTPBlockListFile | \\\\\"
          print \"  while read IP_TO_BLOCK\"
          print \"  do\"
          print \"    \# Allow established SMTP traffic from Internet network/host\"
          print \"    \$IPFWADM -I -a accept \\\$INET -P tcp \\\$ConnEstablished -S \\\$IP_TO_BLOCK -D \\\$ANY smtp\"
          if \{\$\{isp@on_internet\}\} \{
            if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
              print \"    \$IPFWADM -F -a accept \\\$INET -P tcp \\\$ConnEstablished -S \\\$IP_TO_BLOCK -D \\\$ANY smtp\"
            \}
          \}
          print \"    \# Block new SMTP traffic from Internet network/host\"
          print \"    \$IPFWADM -I -a deny -o \\\$INET -P tcp -S \\\$IP_TO_BLOCK -D \\\$ANY smtp\"
          if \{\$\{isp@on_internet\}\} \{
            if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
              print \"    \$IPFWADM -F -a deny -o \\\$INET -P tcp -S \\\$IP_TO_BLOCK -D \\\$ANY smtp\"
            \}
          \}
          print \"  done\"
          print \"fi\"
        \} else \{
          print
          print \"\# SMTP Block List file \$SMTPBlockListFile not found.\"
          print \"\# Create it, then regenerate the firewall file.\"
        \}
      \}
    
"
set __ok(denylocalhosts) "
      global IPFWADM
      global ISPPort
      global LocalNetIP
      global MatchService
      if \{\$IPFWADM == \"\" || \$ISPPort == \"\"\} \{
        \# nothing
      \} else \{

	if \{\$\{masq@masquerade\} && \$\{isp@on_internet\}\} \{
	  print \"\# Masquerading is in use. Hosts on the local net will be controlled through\"
	  print \"\# the masquerade options.\"
	\} else \{
	  if \{\$LocalNetIP == \"\"\} \{
	    print \"\# No local network has been detected.\"
	  \} else \{

            forevery deniedhosts \{

	      if \{\[regexp \"\$MatchService\" \$denyservice junk serv port prot\]\} \{
	        \# retrieved from /etc/services

	        if \{\$direction(index) == 0\} \{		\# inbound (specified host is DEST)
                  if \{\$prot == \"icmp\"\} \{
                    print \"\# Block ICMP message \$port (\$serv) traffic to local host \$hostIP\"
                    print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot -S \\\$ANY \$port -D \$hostIP/32\"
                  \} else \{
	            if \{\$prot == \"tcp\" \} \{
		      print \"\# Allow established \$prot service \$serv (port \$port) traffic from the Internet to local host \$hostIP\"
                      print \$IPFWADM \"-I -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \\\$ANY -D \$hostIP/32 \$serv\"
                      if \{\$\{isp@on_internet\}\} \{
                        print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot \\\$ConnEstablished -S \\\$ANY -D \$hostIP/32 \$serv\"
                      \}
		    \}
		    print \"\# Block new \$prot service \$serv (port \$port) traffic from the Internet to local host \$hostIP\"
                    print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot -S \\\$ANY -D \$hostIP/32 \$serv\"
                  \}
	        \} else \{				\# outbound (specified host is SOURCE)
                  if \{\$prot == \"icmp\"\} \{
                    print \"\# Block ICMP message \$port (\$serv) traffic from local host \$hostIP\"
                    if \{\$\{isp@on_internet\}\} \{
                      print \$IPFWADM \"-F -a reject \\\$INET -P \$prot -S \$hostIP/32 \$port -D \\\$ANY\"
                    \}
                    print \$IPFWADM \"-O -a reject \\\$INET -P \$prot -S \$hostIP/32 \$port -D \\\$ANY\"
                  \} else \{
	            if \{\$prot == \"tcp\" \} \{
		      print \"\# Allow established \$prot service \$serv (port \$port) traffic from local host \$hostIP to the Internet\"
                      if \{\$\{isp@on_internet\}\} \{
                        print \$IPFWADM \"-F -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \$hostIP/32 -D \\\$ANY \$serv\"
                      \}
                      print \$IPFWADM \"-O -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \$hostIP/32 -D \\\$ANY \$serv\"
		    \}
		    print \"\# Block new \$prot service \$serv (port \$port) traffic from local host \$hostIP to the Internet\"
                    if \{\$\{isp@on_internet\}\} \{
                      print \$IPFWADM \"-F -a reject \\\$INET -P \$prot -S \$hostIP/32 -D \\\$ANY \$serv\"
                    \}
                    print \$IPFWADM \"-O -a reject \\\$INET -P \$prot -S \$hostIP/32 -D \\\$ANY \$serv\"
	          \}
	        \}

              \} else \{

	        if \{\[regexp \{(\[0-9:\]+)/(tcp|udp)\} \$denyservice junk port prot\]\} \{
	          \# typed in by user

	          if \{\$direction(index) == 0\} \{		\# inbound (specified host is DEST)
	            if \{\$prot == \"tcp\" \} \{
		      print \"\# Allow established \$prot service on port \$port traffic from the Internet to local host \$hostIP\"
                      print \$IPFWADM \"-I -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \\\$ANY -D \$hostIP/32 \$port \"
                      if \{\$\{isp@on_internet\}\} \{
                        print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot \\\$ConnEstablished -S \\\$ANY -D \$hostIP/32 \$port \"
                      \}
		    \}
		    print \"\# Block new \$prot service on port \$port traffic from the Internet to local host \$hostIP\"
                    print \$IPFWADM \"-I -a deny -o \\\$INET -P \$prot -S \\\$ANY -D \$hostIP/32 \$port \"
	          \} else \{				\# outbound (specified host is SOURCE)
	            if \{\$prot == \"tcp\" \} \{
		      print \"\# Allow established \$prot service on port \$port traffic from local host \$hostIP to the Internet\"
                      if \{\$\{isp@on_internet\}\} \{
                        print \$IPFWADM \"-F -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \$hostIP/32 -D \\\$ANY \$port \"
                      \}
                      print \$IPFWADM \"-O -a accept \\\$INET -P \$prot \\\$ConnEstablished -S \$hostIP/32 -D \\\$ANY \$port \"
		    \}
		    print \"\# Block new \$prot service on port \$port traffic from local host \$hostIP to the Internet\"
                    if \{\$\{isp@on_internet\}\} \{
                      print \$IPFWADM \"-F -a reject -P \$prot -S \$hostIP/32 -D \\\$ANY \$port \"
                    \}
                    print \$IPFWADM \"-O -a reject \\\$INET -P \$prot -S \$hostIP/32 -D \\\$ANY \$port \"
	          \}
  
                \} else \{
                  print \"\# Syntax error on host \$hostIP: service \\\"\$denyservice\\\" unparseable.\"
                \}
	      \}
	    \}
          \}
        \}
      \}
    
"
set __ok(allowservicesglobal) "
      global IPFWADM
      global ISPPort
      global MatchService
      global LocalNetIP
      if \{\$IPFWADM == \"\" || \$ISPPort == \"\"\} \{
        \# nothing
      \} else \{

	if \{\$allowoutboundtcpallports\} \{
	  print \"\# allow anyone on the local net to request any tcp port from any Internet host\"
          print \$IPFWADM \"-O -a accept \\\$INET -P tcp -S \\\$INET_IP -D \\\$ANY 1:65535\"
          print \$IPFWADM \"-I -a accept \\\$INET -P tcp \\\$ConnEstablished -D \\\$INET_IP -S \\\$ANY 1:65535\"
          if \{\$\{isp@on_internet\}\} \{
	    if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
              print \$IPFWADM \"-F -a accept \\\$INET -P tcp -S \\\$LNET -D \\\$ANY 1:65535\"
              print \$IPFWADM \"-O -a accept \\\$INET -P tcp -S \\\$LNET -D \\\$ANY 1:65535\"
              print \$IPFWADM \"-I -a accept \\\$INET -P tcp \\\$ConnEstablished -D \\\$LNET -S \\\$ANY 1:65535\"
              print \$IPFWADM \"-F -a accept \\\$LETH -P tcp \\\$ConnEstablished -D \\\$LNET -S \\\$ANY 1:65535\"
	    \}
          \}
	\} else \{
	  if \{\$allowoutboundtcpwellknownports\} \{
	    print \"\# allow anyone on the local net to request any well-known tcp port from any Internet host\"
            print \$IPFWADM \"-O -a accept \\\$INET -P tcp -S \\\$INET_IP -D \\\$ANY 1:1024\"
            print \$IPFWADM \"-I -a accept \\\$INET -P tcp \\\$ConnEstablished -D \\\$INET_IP -S \\\$ANY 1:1024\"
            if \{\$\{isp@on_internet\}\} \{
	      if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                print \$IPFWADM \"-F -a accept \\\$INET -P tcp -S \\\$LNET -D \\\$ANY 1:1024\"
                print \$IPFWADM \"-O -a accept \\\$INET -P tcp -S \\\$LNET -D \\\$ANY 1:1024\"
                print \$IPFWADM \"-I -a accept \\\$INET -P tcp \\\$ConnEstablished -D \\\$LNET -S \\\$ANY 1:1024\"
                print \$IPFWADM \"-F -a accept \\\$LETH -P tcp \\\$ConnEstablished -D \\\$LNET -S \\\$ANY 1:1024\"
	      \}
	    \}
	  \}
        \}

	if \{\$allowoutboundtcpallports || \$allowoutboundtcpwellknownports\} \{
	  print \"\# allow ftp-data connection back in to anyone on the local net from any Internet host\"
          print \$IPFWADM \"-I -a accept \\\$INET -P tcp -S \\\$ANY ftp-data -D \\\$INET_IP 1024:65535 -t 0x00 0x08\"
          print \$IPFWADM \"-O -a accept \\\$INET -P tcp \\\$ConnEstablished -D \\\$ANY ftp-data -S \\\$INET_IP 1024:65535 -t 0x00 0x08\"
          if \{\$\{isp@on_internet\}\} \{
	    if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
              print \$IPFWADM \"-I -a accept \\\$INET -P tcp -S \\\$ANY ftp-data -D \\\$LNET 1024:65535\"
              print \$IPFWADM \"-F -a accept \\\$LETH -P tcp -S \\\$ANY ftp-data -D \\\$LNET 1024:65535\"
              print \$IPFWADM \"-F -a accept \\\$INET -P tcp \\\$ConnEstablished -D \\\$ANY ftp-data -S \\\$LNET 1024:65535\"
              print \$IPFWADM \"-O -a accept \\\$INET -P tcp \\\$ConnEstablished -D \\\$ANY ftp-data -S \\\$LNET 1024:65535\"
	    \}
	  \}
	\}

        forevery allowedservices \{
	
	  if \{\[regexp \"\$MatchService\" \$allowservice junk serv port prot\]\} \{
	    \# retrieved from /etc/services

	    set ACK \[pick \{\$prot == \"tcp\"\} \" \\\$ConnEstablished\" \"\"\]

	    if \{\$direction(index) == 0\} \{	\# inbound
              if \{\$prot == \"icmp\"\} \{
                print \"\# Allow ICMP message \$port (\$serv) traffic from any Internet host to anyone on the local net\"
                print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \\\$ANY \$port -D \\\$INET_IP\"
                if \{\$\{isp@on_internet\}\} \{
	          if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \\\$ANY \$port -D \\\$LNET\"
                    print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \\\$ANY \$port -D \\\$LNET\"
                  \}
                \}
              \} else \{
	        print \"\# allow any Internet host to request \$prot service \$serv (port \$port) from anyone on the local net\"
                print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \\\$ANY -D \\\$INET_IP\" \$serv
                print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \\\$ANY -S \\\$INET_IP\" \$serv
                if \{\$\{isp@on_internet\}\} \{
	          if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \\\$ANY -D \\\$LNET\" \$serv
                    print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \\\$ANY -D \\\$LNET\" \$serv
                    print \$IPFWADM \"-F -a accept \\\$INET -P \$prot\$ACK -D \\\$ANY -S \\\$LNET\" \$serv
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \\\$ANY -S \\\$LNET\" \$serv
	          \}
	        \}
              \}
	    \} else \{				\# outbound
              if \{\$prot == \"icmp\"\} \{
	        print \"\# Allow anyone on the local net to send ICMP message \$port (\$serv) traffic to any Internet host\"
                print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$INET_IP \$port -D \\\$ANY\"
                if \{\$\{isp@on_internet\}\} \{
	          if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                    print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \\\$LNET \$port -D \\\$ANY\"
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$LNET \$port -D \\\$ANY\"
                  \}
                \}
              \} else \{
	        if \{\$prot != \"tcp\" || !\$allowoutboundtcpallports\} \{
	          print \"\# allow anyone on the local net to request \$prot service \$serv (port \$port) from any Internet host\"
                  print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$INET_IP -D \\\$ANY\" \$serv
                  print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \\\$INET_IP -S \\\$ANY\" \$serv
                  if \{\$\{isp@on_internet\}\} \{
	            if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \\\$LNET -D \\\$ANY\" \$serv
                      print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$LNET -D \\\$ANY\" \$serv
                      print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \\\$LNET -S \\\$ANY\" \$serv
                      print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot\$ACK -D \\\$LNET -S \\\$ANY\" \$serv
	            \}
                  \}
                \}
              \}
	    \}

	    if \{\$serv == \"ftp\"\} \{
	      \# special handling for ftp-data \"reverse connection\"
	      if \{\$direction(index) == 0\} \{	\# inbound
                print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$INET_IP ftp-data -D \\\$ANY 1024:65535 -t 0x00 0x08\"
                print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \\\$INET_IP ftp-data -S \\\$ANY 1024:65535 -t 0x00 0x08\"
                if \{\$\{isp@on_internet\}\} \{
	          if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                    print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \\\$LNET ftp-data -D \\\$ANY 1024:65535\"
                    print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$LNET ftp-data -D \\\$ANY 1024:65535\"
                    print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \\\$LNET ftp-data -S \\\$ANY 1024:65535\"
                    print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot\$ACK -D \\\$LNET ftp-data -S \\\$ANY 1024:65535\"
	          \}
                \}
	      \} else \{				\# outbound
	        if \{!\$allowoutboundtcpallports\} \{
                  print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \\\$ANY ftp-data -D \\\$INET_IP 1024:65535 -t 0x00 0x08\"
                  print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \\\$ANY ftp-data -S \\\$INET_IP 1024:65535 -t 0x00 0x08\"
                  if \{\$\{isp@on_internet\}\} \{
	            if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \\\$ANY ftp-data -D \\\$LNET 1024:65535\"
                      print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \\\$ANY ftp-data -D \\\$LNET 1024:65535\"
                      print \$IPFWADM \"-F -a accept \\\$INET -P \$prot\$ACK -D \\\$ANY ftp-data -S \\\$LNET 1024:65535\"
                      print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \\\$ANY ftp-data -S \\\$LNET 1024:65535\"
	            \}
	          \}
	        \}
	      \}
	    \}

          \} else \{

	    if \{\[regexp \{(\[0-9:\]+)/(tcp|udp|icmp)\} \$allowservice junk port prot\]\} \{
	      \# typed in by user
	      if \{\[regexp \{\\( *(\[ A-Za-z0-9_\\-\]+) *\\)\} \$allowservice junk serv\]\} \{
                set serv \" (\$serv)\"
              \} else \{
                set serv \"\"
              \}

	      set ACK \[pick \{\$prot == \"tcp\"\} \" \\\$ConnEstablished\" \"\"\]

	      if \{\$direction(index) == 0\} \{	\# inbound (specified host is SOURCE)
                if \{\$prot == \"icmp\"\} \{
                  print \"\# Allow ICMP message \$port traffic from any Internet host to anyone on the local net\"
                  print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \\\$ANY \$port -D \\\$INET_IP\"
                  if \{\$\{isp@on_internet\}\} \{
	            if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \\\$ANY \$port -D \\\$LNET\"
                      print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \\\$ANY \$port -D \\\$LNET\"
                    \}
                  \}
                \} else \{
	          print \"\# allow any Internet host to request \$prot port \$port\$serv from anyone on the local net\"
                  print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \\\$ANY -D \\\$INET_IP\" \$port
                  print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \\\$ANY -S \\\$INET_IP\" \$port
                  if \{\$\{isp@on_internet\}\} \{
	            if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-I -a accept \\\$INET -P \$prot -S \\\$ANY -D \\\$LNET\" \$port
                      print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot -S \\\$ANY -D \\\$LNET\" \$port
                      print \$IPFWADM \"-F -a accept \\\$INET -P \$prot\$ACK -D \\\$ANY -S \\\$LNET\" \$port
                      print \$IPFWADM \"-O -a accept \\\$INET -P \$prot\$ACK -D \\\$ANY -S \\\$LNET\" \$port
	            \}
                  \}
	        \}
	      \} else \{				\# outbound (specified host is DEST)
                if \{\$prot == \"icmp\"\} \{
	          print \"\# Allow anyone on the local net to send ICMP message \$port traffic to any Internet host\"
                  print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$INET_IP \$port -D \\\$ANY\"
                  if \{\$\{isp@on_internet\}\} \{
		    if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \\\$LNET \$port -D \\\$ANY\"
                      print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$LNET \$port -D \\\$ANY\"
                    \}
                  \}
                \} else \{
	          print \"\# allow anyone on the local net to request \$prot port \$port\$serv from any Internet host\"
                  print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$INET_IP -D \\\$ANY\" \$port
                  print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \\\$INET_IP -S \\\$ANY\" \$port
                  if \{\$\{isp@on_internet\}\} \{
		    if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
                      print \$IPFWADM \"-F -a accept \\\$INET -P \$prot -S \\\$LNET -D \\\$ANY\" \$port
                      print \$IPFWADM \"-O -a accept \\\$INET -P \$prot -S \\\$LNET -D \\\$ANY\" \$port
                      print \$IPFWADM \"-I -a accept \\\$INET -P \$prot\$ACK -D \\\$LNET -S \\\$ANY\" \$port
                      print \$IPFWADM \"-F -a accept \\\$LETH -P \$prot\$ACK -D \\\$LNET -S \\\$ANY\" \$port
	            \}
	          \}
	        \}
	      \}

            \} else \{
	      if \{\$allowservice != \"\"\} \{
                print \"\# Syntax error: service \\\"\$allowservice\\\" unparseable.\"
	      \}
            \}
	  \}
        \}
      \}
    
"
set __ok(defaultinetpolicy) "
      global IPFWADM
      global ISPPort
      global LocalNetIP
      if \{\$IPFWADM == \"\" || \$ISPPort == \"\"\} \{
        \# nothing
      \} else \{
        set TraceroutePorts \"33434:33523\"
	if \{ \$\{general@outboundtraceroute\} \} \{
	  \# allow outbound traceroute UDP packets on the internet interface
	  print \"\# allow traceroute to send packets to the Internet\"
          print \$IPFWADM \"-O -a accept \\\$INET -P udp -S \\\$INET_IP -D \\\$ANY \$TraceroutePorts\"
          if \{\$\{isp@on_internet\}\} \{
	    if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
              print \$IPFWADM \"-F -a accept \\\$INET -P udp -S \\\$LNET -D \\\$ANY \$TraceroutePorts\"
              print \$IPFWADM \"-O -a accept \\\$INET -P udp -S \\\$LNET -D \\\$ANY \$TraceroutePorts\"
            \}
          \}
	\}
	if \{ \$\{general@inboundtraceroute\} \} \{
	  \# allow inbound traceroute UDP packets on the internet interface
	  print \"\# allow traceroute packets in from the Internet - SECURITY RISK\"
          print \$IPFWADM \"-I -a accept \\\$INET -P udp -S \\\$ANY -D \\\$INET_IP \$TraceroutePorts\"
          if \{\$\{isp@on_internet\}\} \{
	    if \{\$LocalNetIP != \"\" && \$\{masq@masquerade\} == 0\} \{
              print \$IPFWADM \"-I -a accept \\\$INET -P udp -S \\\$ANY -D \\\$LNET \$TraceroutePorts\"
              print \$IPFWADM \"-F -a accept \\\$LETH -P udp -S \\\$ANY -D \\\$LNET \$TraceroutePorts\"
            \}
          \}
	\}
        print \"\"
        if \{ \[set general@defaultpolicy(index)\] == 1 \} \{
          \# default policy is accept.
	  if \{ \$\{general@blockinettcp\} \} \{
	    \# deny TCP on the internet interface
	    print \"\# default block TCP to/from the Internet\"
            print \$IPFWADM \"-I -a deny -o \\\$INET -P tcp\"
            print \$IPFWADM \"-O -a reject \\\$INET -P tcp\"
	  \}
	  if \{ \$\{general@blockinetudp\} \} \{
	    \# deny UDP on the internet interface
	    print \"\# default block UDP to/from the Internet\"
            print \$IPFWADM \"-I -a deny -o \\\$INET -P udp\"
            print \$IPFWADM \"-O -a reject \\\$INET -P udp\"
	  \}
          \# default policy is accept. open things up.
          print \"\\n\# Default policy: allow all traffic unless explicitly blocked\"
          print \$IPFWADM \"-I -p accept\"
          print \$IPFWADM \"-O -p accept\"
          if \{\$\{masq@masquerade\} == 0 && \$\{isp@on_internet\}\} \{
            print \$IPFWADM \"-F -p accept\"
          \}
        \} else \{
	  print \"\# Default policy is DENY\"
	  print \"\# Allow all local-net traffic in via the local network interface - SECURITY RISK\"
	  print \"\# A future version of the ipfwadm module will allow local-network controls\"
          print \$IPFWADM \"-I -a accept \\\$LETH -S \\\$LNET\"
          print \$IPFWADM \"-O -a accept \\\$LETH -D \\\$LNET\"
	  print \"\# Allow all loopback traffic\"
          print \$IPFWADM \"-I -a accept -W lo\"
          print \$IPFWADM \"-O -a accept -W lo\"
	  print \"\# Allow ICMP traffic (important to network operation)\"
	  print \"\# Block echo requests explicitly somewhere above\"
          print \$IPFWADM \"-I -a accept -P icmp\"
          print \$IPFWADM \"-F -a accept -P icmp\"
          print \$IPFWADM \"-O -a accept -P icmp\"
	  print \"\# deny everything else (done here so it will be logged)\"
          print \$IPFWADM \"-I -a deny -o \\\$INET\"
          print \$IPFWADM \"-O -a reject -o \\\$LETH\"
          print \$IPFWADM \"-I -a reject -o \\\$LETH\"
          print \$IPFWADM \"-O -a reject -o \\\$INET\"
        \}
      \}

      print \"\#\"
      print \"\# End of Firewall Configuration\"
    
"
############################################################
# __desc
############################################################
set __desc(masq) "IP Masquerade settings"
set __desc(allowptp) "Point-to-Point Services Allowed"
set __desc(allowlocalhosts) "Per-Local-Host Services Allowed"
set __desc(isp) "Internet Service Provider settings"
set __desc(denyptp) "Point-to-Point Servicexs Blocking"
set __desc(denyservicesglobal) "Global Service Blocking"
set __desc(general) "General firewall settings"
set __desc(allowhosts) "Per-Internet-Host Services Allowed"
set __desc(denyhosts) "Per-Internet-Host Service Blocking"
set __desc(denylocalhosts) "Per-Local-Host Service Blocking"
set __desc(allowservicesglobal) "Global Services Allowed"
set __desc(defaultinetpolicy) "Default Internet Policy generator placeholder"
############################################################
# __shortDesc
############################################################
set __shortDesc(masq) "IP-Masq settings"
set __shortDesc(allowptp) "Point-to-Point Services Allowed"
set __shortDesc(allowlocalhosts) "Per-Local-Host Services Allowed"
set __shortDesc(isp) "ISP settings"
set __shortDesc(denyptp) "Point-to-Point Service Blocking"
set __shortDesc(denyservicesglobal) "Global Service Blocks"
set __shortDesc(general) "General settings"
set __shortDesc(allowhosts) "Per-Internet-Host Services Allowed"
set __shortDesc(denyhosts) "Per-Internet-Host Service Blocking"
set __shortDesc(denylocalhosts) "Per-Local-Host Service Blocking"
set __shortDesc(allowservicesglobal) "Global Services Allowed"
set __shortDesc(defaultinetpolicy) "Default Internet Policy"
############################################################
# __pageEnd
############################################################
set __pageEnd(masq) ""
set __pageEnd(allowptp) ""
set __pageEnd(allowlocalhosts) ""
set __pageEnd(isp) "
      if \{\$on_internet\} \{
        if \{(\$connection_type(index) > 3 && \$connection_type(index) < 6) ||
            (\$connection_type(index) > 8 && \$connection_type(index) < 13)\} \{
          if \{\[regexp \{^\[0-9\]+\\.\[0-9\]+\\.\[0-9\]+\\.\[0-9\]+\$\} \$ISPIP\]\} \{
	    \# probably okay
	  \} else \{
	    error \"Static PPP IP address not correctly entered.\"
	  \}
        \}
      \}
    
"
set __pageEnd(denyptp) ""
set __pageEnd(denyservicesglobal) ""
set __pageEnd(general) ""
set __pageEnd(allowhosts) ""
set __pageEnd(denyhosts) ""
set __pageEnd(denylocalhosts) ""
set __pageEnd(allowservicesglobal) ""
set __pageEnd(defaultinetpolicy) ""
############################################################
# __showPage
############################################################
set __showPage(masq) "
      global MasqInKernel
      global ForwardInKernel
      global LocalNetIP
      if \{\$MasqInKernel == 0 || \$\{isp@on_internet\} == 0\} \{
        if \{\$MasqInKernel == 0\} \{
	  set label1 \"is not\"
        \} else \{
	  set label1 \"is\"
        \}
	Disable label4
	Disable label2
        Disable masquerade
	Disable head2
	Disable defaultpolicy
	Disable masq_cuseeme
	Disable masq_ftp
	Disable masq_irc
	Disable masq_quake
	Disable masq_raudio
	Disable masq_vdolive
        Disable mframe2
	Disable masqservices
	Disable head3
        Disable masqlist
	set masquerade 0
      \} else \{
	set label1 \"is\"
        if \{\$ForwardInKernel == 0\} \{
	  set label4 \"is not\"
	  Disable label2
          Disable masquerade
	  Disable head2
	  Disable defaultpolicy
	  Disable masq_cuseeme
	  Disable masq_ftp
	  Disable masq_irc
	  Disable masq_quake
	  Disable masq_raudio
	  Disable masq_vdolive
          Disable mframe2
	  Disable masqservices
	  Disable head3
          Disable masqlist
	  set masquerade 0
        \} else \{
	  set label4 \"is\"
	  if \{\$LocalNetIP == \"\"\} \{
	    set label2 \"does not exist.\"
            Disable masquerade
	    Disable head2
	    Disable defaultpolicy
	    Disable masq_cuseeme
	    Disable masq_ftp
	    Disable masq_irc
	    Disable masq_quake
	    Disable masq_raudio
	    Disable masq_vdolive
            Disable mframe2
	    Disable masqservices
	    Disable head3
            Disable masqlist
	    set masquerade 0
	  \} else \{
	    set label2 \"exists.\"
	    if \{\$masquerade\} \{
	      Enable head2
	      Enable defaultpolicy
	      global MODPROBE
	      if \{\$MODPROBE != \"\"\} \{
                set label5 \"can\"
	        Enable masq_cuseeme
	        Enable masq_ftp
	        Enable masq_irc
	        Enable masq_quake
	        Enable masq_raudio
	        Enable masq_vdolive
                Enable mframe2
              \} else \{
                set label5 \"cannot\"
	        Disable masq_cuseeme
	        Disable masq_ftp
	        Disable masq_irc
	        Disable masq_quake
	        Disable masq_raudio
	        Disable masq_vdolive
                Disable mframe2
              \}
	      Enable masqservices
	      Enable head3
              Enable masqlist
	      forevery masqlist \{
	        if \{\$defaultpolicy(index) == 0\} \{
	          Disable hostallow
	        \} else \{
	          Enable hostallow
	        \}
	      \}
	    \} else \{
	      Disable head2
	      Disable defaultpolicy
	      Disable masq_cuseeme
	      Disable masq_ftp
	      Disable masq_irc
	      Disable masq_quake
	      Disable masq_raudio
	      Disable masq_vdolive
	      Disable masqservices
	      Disable head3
	      Disable masqlist
	    \}
	  \}
	\}
      \}
    
"
set __showPage(allowptp) "
      global FirewallInKernel
      global MasqInKernel
      if \{\$FirewallInKernel == 0\} \{
	set label1 \"is not\"
	Disable allowedhosts
      \} else \{
	set label1 \"is\"
	Enable allowedhosts
        \# If internet or boundary firewall and if not directly on internet
        \# then allow ptp masquerade without killing regular forwarding.
        \# This lets you allow users on the corporate network to poll their ISP's POP server, for example
        if \{\$MasqInKernel != 0 && \$\{isp@on_internet\} != 0 && \$\{isp@internal_firewall\} != 0\} \{
          forevery allowedhosts \{
	    if \{\$direction(index) == 0\} \{	\# inbound (specified host is SOURCE)
              \# only for outbound traffic
              set masquerade 0
              Disable masquerade
            \} else \{
              Enable masquerade
            \}
          \}
        \} else \{
          forevery allowedhosts \{
            set masquerade 0
            Disable masquerade
          \}
        \}
      \}
    
"
set __showPage(allowlocalhosts) "
      Enable allowedhosts
      global FirewallInKernel
      if \{\$FirewallInKernel == 0\} \{
	set label1 \"is not\"
	Disable allowedhosts
      \} else \{
	set label1 \"is\"
      \}
      global ForwardInKernel
      if \{\$ForwardInKernel == 0\} \{
	set label4 \"is not\"
	Disable allowedhosts
      \} else \{
        set label4 \"is\"
      \}
      if \{\$\{masq@masquerade\} && \$\{isp@on_internet\}\} \{
        set label5 \"has\"
	Disable allowedhosts
      \} else \{
        set label5 \"has not\"
      \}
      global LocalNetIP
      if \{\$LocalNetIP == \"\"\} \{
        set label6 \"has not\"
        Disable allowedhosts
      \} else \{
        set label6 \"has\"
      \}
    
"
set __showPage(isp) "
      if \{\$on_internet\} \{
        Enable connection_type
        Enable internal_firewall
        global PS
        if \{\[regexp \{\[0-9\]:\[0-9\]\[0-9\] diald\} \$PS\]\} \{
	  if \{\$label1 == \"\"\} \{
	    set label1 \"diald daemon detected\"
	    Help label1 \"The diald demand-dialing daemon has been detected.\" \"If you intend to masquerade hosts on the local network you should select one of the \\\"diald\\\" options.\"
	  \}
        \}
        if \{(\$connection_type(index) > 3 && \$connection_type(index) < 6) ||
            (\$connection_type(index) > 8 && \$connection_type(index) < 13)\} \{
          Enable ISPIP
        \} else \{
      	  Disable ISPIP
	  set ISPIP \"\"
        \}
        if \{\$internal_firewall\} \{
          Enable allow_10_net
          Enable allow_172_net
          Enable allow_192_net
        \} else \{
          Disable allow_10_net
          Disable allow_172_net
          Disable allow_192_net
        \}
      \} else \{
        Disable connection_type
        Disable ISPIP
        Disable internal_firewall
        Disable allow_10_net
        Disable allow_172_net
        Disable allow_192_net
      \}
    
"
set __showPage(denyptp) "
      global FirewallInKernel
      if \{\$FirewallInKernel == 0\} \{
	set label1 \"is not\"
	Disable deniedhosts
      \} else \{
	set label1 \"is\"
	Enable deniedhosts
      \}
    
"
set __showPage(denyservicesglobal) "
      global FirewallInKernel
      if \{\$FirewallInKernel == 0\} \{
	set label1 \"is not\"
	Disable deniedservices
      \} else \{
	set label1 \"is\"
	Enable deniedservices
      \}
    
"
set __showPage(general) "
        global LocalEth
    	global LocalNetIP
	global LocalNetMask
        global InetEth
	if \{\$LocalNetIP == \"\" || \$LocalNetMask == \"\" || \$LocalNetIP == \"Unknown\" || \$LocalNetMask == \"Unknown\"\} \{
	  if \{\$label3 == \"\"\} \{
	    set label3 \"not detected.\"
	    Help label3 \"A local network on \$LocalEth could not be detected. IP Masquerade configuration will\" \"not be offered.\\n\" \"This version of the ipfwadm dotfile module does not support SLIP- or PPP-based local networks.\" 
	  \}
\#\#\#	  Disable localmask
	  Disable classmask
          set classmask 0
	  Disable antispoof
	  set antispoof 0
	\} else \{
	  set label3 \"detected on \$LocalEth: \$LocalNetIP/\$LocalNetMask\"
\#\#\#	  Enable localmask
\#\#\#       if \{\$localmask == \"\"\} \{set localmask \$LocalNetMask\}
          if \{ \[IsAddressPrivate \"\$LocalNetIP/\$LocalNetMask\"\] \} \{
            \# this is more complex than it needs to be - I still don't have the hang
            \# of expression quoting in Tcl... Bleah.
            if \{ \[MaskNetwork \"\$LocalNetIP/8\"\] == \"10.0.0.0\" && \[LookUpMaskBits \$LocalNetMask\] > 8 \} \{
              Enable classmask
            \} elseif \{ \[MaskNetwork \"\$LocalNetIP/12\"\] == \"172.16.0.0\" && \[LookUpMaskBits \$LocalNetMask\] > 12 \} \{
              Enable classmask
            \} elseif \{ \[MaskNetwork \"\$LocalNetIP/16\"\] == \"192.168.0.0\" && \[LookUpMaskBits \$LocalNetMask\] > 16 \} \{
              Enable classmask
            \} else \{
              Disable classmask
              set classmask 0
            \}
          \} else \{
            Disable classmask
            set classmask 0
          \}
          if \{\$\{isp@on_internet\}\} \{
	    Enable antispoof
            Enable blockXall
            if \{\$blockXall\} \{
              set blockXftp 0
              Disable blockXftp
            \} else \{
              Enable blockXftp
            \}
          \} else \{
	    Disable antispoof
            Disable blockXftp
            Disable blockXall
          \}
        \}

    	global InternetIP
	global InternetMask
	    set label3a \"\$InternetIP/\$InternetMask\"
	if \{ \$InternetIP == \"\" || \$InternetMask == \"\" || \$InternetIP == \"Unknown\" || \$InternetMask == \"Unknown\" \} \{
\#	  if \{\$label3a == \"\"\} \{
	    set label3a \"not detected.\"
\#	  \}
	\} else \{
	  set label3a \"possibly detected on \$InetEth: \$InternetIP/\$InternetMask\"
	\}

        global FirewallInKernel
        if \{\$FirewallInKernel == 0\} \{
	  \# Firewall support not compiled into kernel
	  \# can we pop a warning box?
	  set label1 \"is not\"
          Disable defaultpolicy
	  Disable blockinettcp
	  Disable blockinetudp
	  Disable outboundtraceroute
	  Disable inboundtraceroute
        \} else \{
          if \{\$defaultpolicy(index) == 1\} \{
	    Enable blockinettcp
	    Enable blockinetudp
	    Enable outboundtraceroute
	    Enable inboundtraceroute
	  \} else \{
	    Disable blockinettcp
	    Disable blockinetudp
	    Disable outboundtraceroute
	    Disable inboundtraceroute
	  \}
	\}

    	global IPFWADM
	if \{\$IPFWADM == \"\"\} \{
	  if \{\$label2 == \"\"\} \{
	    set label2 \"ipfwadm could not be found.\\nThe firewall configuration file cannot be generated.\"
	    Help label2 \"For security purposes, this module needs to know the complete path to the ipfwadm command.\" \"It couldn't be found, so it's either not installed or not on your PATH.\" \"\\nIf ipfwadm is installed, then either run this dotfile module as root (not recommended)\" \"or temporarily add the directory ipfwadm is in to your PATH.\"
	  \}
	\} else \{
	  if \{\$label2 == \"\"\} \{
	    set label2 \"ipfwadm found in \$IPFWADM\"
	    Help label2 \"For security purposes, this module needs to know the complete path to the ipfwadm command.\"
	  \}
	\}

        global ForwardInKernel
        if \{\$ForwardInKernel == 0\} \{
	  \# Firewall support not compiled into kernel
	  \# can we pop a warning box?
	  set label4 \"is not\"
        \}
    
"
set __showPage(allowhosts) "
      global FirewallInKernel
      if \{\$FirewallInKernel == 0\} \{
	set label1 \"is not\"
	Disable allowedhosts
      \} else \{
	set label1 \"is\"
	Enable allowedhosts
      \}
    
"
set __showPage(denyhosts) "
      global FirewallInKernel
      if \{\$FirewallInKernel == 0\} \{
	set label1 \"is not\"
	Disable deniedhosts
      \} else \{
	set label1 \"is\"
	Enable deniedhosts
      \}
      if \{\$UseHTTPBlockList\} \{
        Enable HTTPBlockListFile
      \} else \{
        Disable HTTPBlockListFile
      \}
      if \{\$UseSMTPBlockList\} \{
        Enable SMTPBlockListFile
      \} else \{
        Disable SMTPBlockListFile
      \}
    
"
set __showPage(denylocalhosts) "
      Enable deniedhosts
      global FirewallInKernel
      if \{\$FirewallInKernel == 0\} \{
	set label1 \"is not\"
	Disable deniedhosts
      \} else \{
	set label1 \"is\"
      \}
      global ForwardInKernel
      if \{\$ForwardInKernel == 0\} \{
	set label4 \"is not\"
	Disable deniedhosts
      \} else \{
        set label4 \"is\"
      \}
      if \{\$\{masq@masquerade\} && \$\{isp@on_internet\}\} \{
        set label5 \"has\"
	Disable deniedhosts
      \} else \{
        set label5 \"has not\"
      \}
    
"
set __showPage(allowservicesglobal) "
      global FirewallInKernel
      if \{\$FirewallInKernel == 0\} \{
	set label1 \"is not\"
	Disable allowoutboundtcpallports
	Disable allowoutboundtcpwellknownports
	Disable allowedservices
      \} else \{
	set label1 \"is\"
	Enable allowedservices
	Enable allowoutboundtcpallports
	if \{\$allowoutboundtcpallports\} \{
	  Disable allowoutboundtcpwellknownports
        \} else \{
	  Enable allowoutboundtcpwellknownports
        \}
      \}
    
"
set __showPage(defaultinetpolicy) ""
############################################################
# __initFunc
############################################################
set __initFunc(masq) ""
set __initFunc(allowptp) ""
set __initFunc(allowlocalhosts) ""
set __initFunc(isp) ""
set __initFunc(denyptp) ""
set __initFunc(denyservicesglobal) ""
set __initFunc(general) ""
set __initFunc(allowhosts) ""
set __initFunc(denyhosts) ""
set __initFunc(denylocalhosts) ""
set __initFunc(allowservicesglobal) ""
set __initFunc(defaultinetpolicy) ""
############################################################
# __children
############################################################
set __children(masq__mframe0) "masq_cuseeme masq_ftp masq_irc"
set __children(masq__mframe1) "masq_quake masq_raudio masq_vdolive"
set __children(masq__mframe2) "mframe0 mframe1"
set __children(denylocalhosts__deniedhosts) "frame3"
set __children(allowptp__frame1) "hostIP hostnetmask"
set __children(allowptp__frame2) "allowservice direction masquerade"
set __children(allowptp__frame3) "frame1 localhostIP frame2 line1"
set __children(denyhosts__frame1) "hostIP hostnetmask"
set __children(denyhosts__frame2) "denyservice direction"
set __children(denyhosts__frame3) "frame1 frame2 line1"
set __children(denylocalhosts__top) "head1 label1 label4 label5 deniedhosts"
set __children(denyhosts__frame4) "UseHTTPBlockList HTTPBlockListFile"
set __children(denyhosts__frame5) "UseSMTPBlockList SMTPBlockListFile"
set __children(denyptp__frame1) "hostIP hostnetmask"
set __children(allowservicesglobal__allowedservices) "allowservice direction"
set __children(general__top) "head1 label1 label2 line1 defaultpolicy blockinettcp blockinetudp outboundtraceroute inboundtraceroute line2 label3 label3a label4 classmask antispoof blockXall blockXftp"
set __children(denyptp__frame2) "denyservice direction"
set __children(denyptp__frame3) "frame1 localhostIP frame2 line1"
set __children(allowptp__allowedhosts) "frame3"
set __children(allowlocalhosts__top) "head1 label1 label4 label5 label6 allowedhosts"
set __children(masq__frame0) "masqsystem hostallow"
set __children(masq__frame1) "frame0 servicesbyhost"
set __children(masq__frame2) "frame1 line3"
set __children(isp__top) "head1 label1 on_internet connection_type ISPIP line1 head2 internal_firewall allow_10_net allow_172_net allow_192_net line2"
set __children(allowlocalhosts__frame1) "hostIP"
set __children(defaultinetpolicy__top) "label1"
set __children(allowlocalhosts__frame2) "allowservice direction"
set __children(allowlocalhosts__frame3) "frame1 frame2 line1"
set __children(denyservicesglobal__deniedservices) "denyservice direction"
set __children(denyhosts__deniedhosts) "frame3"
set __children(allowhosts__top) "head1 label1 allowedhosts"
set __children(allowhosts__frame1) "hostIP hostnetmask"
set __children(allowhosts__frame2) "allowservice direction"
set __children(denyptp__deniedhosts) "frame3"
set __children(allowhosts__frame3) "frame1 frame2 line1"
set __children(allowservicesglobal__top) "head1 label1 allowoutboundtcpallports allowoutboundtcpwellknownports line1 allowedservices"
set __children(denylocalhosts__frame1) "hostIP"
set __children(denylocalhosts__frame2) "denyservice direction"
set __children(allowhosts__allowedhosts) "frame3"
set __children(denylocalhosts__frame3) "frame1 frame2 line1"
set __children(denyhosts__top) "head1 label1 deniedhosts frame4 frame5"
set __children(masq__top) "head1 label1 label4 label2 masquerade head2 defaultpolicy line1 label5 mframe2 line2 masqservices head3 masqlist"
set __children(masq__servicesbyhost) "servicebyhost"
set __children(denyptp__top) "head1 label1 deniedhosts"
set __children(masq__masqservices) "masqservice"
set __children(allowlocalhosts__allowedhosts) "frame3"
set __children(allowptp__top) "head1 label1 allowedhosts"
set __children(masq__masqlist) "frame2"
set __children(denyservicesglobal__top) "head1 label1 deniedservices"
############################################################
# __widgetArgs
############################################################
set __widgetArgs(allowlocalhosts__allowedhosts__index) ""
set __widgetArgs(allowhosts__allowedhosts__noscissor) "0"
set __widgetArgs(masq__frame2__text) ""
set __widgetArgs(denyptp__label1__textafter) "compiled into the kernel."
set __widgetArgs(allowptp__label1__comboWidth) "0"
set __widgetArgs(denyhosts__deniedhosts__lines) "0"
set __widgetArgs(allowlocalhosts__label1__default) "is"
set __widgetArgs(denylocalhosts__label4__export) "1"
set __widgetArgs(allowservicesglobal__head1__text) "Global Services Allowed"
set __widgetArgs(general__label2__text) ""
set __widgetArgs(allowservicesglobal__head1__background) "gray"
set __widgetArgs(denyptp__head1__type) "header"
set __widgetArgs(masq__frame1__text) ""
set __widgetArgs(denyservicesglobal__deniedservices__noscissor) "0"
set __widgetArgs(denyservicesglobal__deniedservices__text) ""
set __widgetArgs(denylocalhosts__denyservice__export) "1"
set __widgetArgs(general__label3a__default) ""
set __widgetArgs(denyptp__deniedhosts__type) "extentry"
set __widgetArgs(allowptp__direction__text) ""
set __widgetArgs(isp__label1__text) ""
set __widgetArgs(allowptp__label1__textafter) "compiled into the kernel."
set __widgetArgs(general__label1__text) "Firewall support"
set __widgetArgs(allowhosts__allowservice__default) ""
set __widgetArgs(denylocalhosts__frame3__text) ""
set __widgetArgs(isp__allow_172_net__text) "Allow 172-net traffic through."
set __widgetArgs(allowlocalhosts__label6__help) "You must have a local network to control access permissions for computers on the local network..."
set __widgetArgs(denylocalhosts__direction__default) "Inbound"
set __widgetArgs(masq__frame0__text) ""
set __widgetArgs(denylocalhosts__deniedhosts__default) ""
set __widgetArgs(general__blockinettcp__default) "1"
set __widgetArgs(denyptp__deniedhosts__index) ""
set __widgetArgs(allowptp__allowedhosts__type) "extentry"
set __widgetArgs(denylocalhosts__frame1__entries) "hostIP"
set __widgetArgs(denyservicesglobal__label1__default) "is"
set __widgetArgs(isp__on_internet__type) "checkbox"
set __widgetArgs(general__label3a__help) "No Help"
set __widgetArgs(isp__on_internet__anchor) "center"
set __widgetArgs(allowptp__allowservice__count) "10"
set __widgetArgs(denyhosts__deniedhosts__help) "No Help"
set __widgetArgs(allowptp__allowservice__entries) "\"tcpmux		1/tcp\" \"echo		7/tcp\" \"echo		7/udp\" \"discard		9/tcp\" \"discard		9/udp\" \"systat		11/tcp\" \"daytime		13/tcp\" \"daytime		13/udp\" \"netstat		15/tcp\" \"qotd		17/tcp\" \"chargen		19/tcp\" \"chargen		19/udp\" \"ftp		21/tcp\" \"telnet		23/tcp\" \"smtp		25/tcp\" \"time		37/tcp\" \"time		37/udp\" \"rlp		39/udp\" \"name		42/udp\" \"whois		43/tcp\" \"domain		53/tcp\" \"domain		53/udp\" \"mtp             57/tcp\" \"bootps		67/udp\" \"bootpc		68/udp\" \"tftp		69/udp\" \"gopher		70/tcp\" \"rje		77/tcp\" \"finger		79/tcp\" \"http		80/tcp\" \"www		80/tcp\" \"link		87/tcp\" \"kerberos	88/udp\" \"kerberos	88/tcp\" \"supdup		95/tcp\" \"hostnames	101/tcp\" \"x400		103/tcp\" \"pop		110/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/udp\" \"sunrpc		111/udp\" \"auth		113/tcp\" \"sftp		115/tcp\" \"nntp            119/tcp\" \"ntp		123/tcp\" \"ntp		123/udp\" \"imap 		143/tcp\" \"NeWS		144/tcp\" \"snmp		161/udp\" \"exec		512/tcp\" \"biff		512/udp\" \"login		513/tcp\" \"who		513/udp\" \"shell		514/tcp\" \"syslog		514/udp\" \"printer		515/tcp\" \"talk		517/udp\" \"ntalk		518/udp\" \"efs             520/tcp\" \"route		520/udp\" \"timed		525/udp\" \"tempo           526/tcp\" \"courier		530/tcp\" \"conference      531/tcp\" \"netnews         532/tcp\" \"netwall         533/udp\" \"uucp		540/tcp\" \"klogin		543/tcp\" \"kshell		544/tcp\" \"remotefs        556/tcp\" \"rmonitor	560/udp\" \"monitor		561/udp\" \"pcserver	600/tcp\" \"mount		635/udp\" \"pcnfs		640/udp\" \"bwnfs		650/udp\" \"kerberos_master	751/udp\" \"kerberos_master	751/tcp\" \"krb5_prop	754/tcp\" \"listen		1025/tcp\" \"nterm		1026/tcp\" \"kpop		1109/tcp\" \"ingreslock      1524/tcp\" \"tnet            1600/tcp\" \"cfinger		2003/tcp\" \"nfs		2049/udp\" \"eklogin		2105/tcp\" \"krb524		4444/tcp\" \"irc		6667/tcp\" \"dos		7000/tcp\" \"linuxconf	98/tcp\" \"Echo_Request 8/icmp\" \"Router_Advertisement 9/icmp\" \"Router_Solicitation 10/icmp\" \"Timestamp_Req 13/icmp\" \"Addr_Mask_Req 17/icmp\""
set __widgetArgs(allowservicesglobal__allowservice__entries) "\"tcpmux		1/tcp\" \"echo		7/tcp\" \"echo		7/udp\" \"discard		9/tcp\" \"discard		9/udp\" \"systat		11/tcp\" \"daytime		13/tcp\" \"daytime		13/udp\" \"netstat		15/tcp\" \"qotd		17/tcp\" \"chargen		19/tcp\" \"chargen		19/udp\" \"ftp		21/tcp\" \"telnet		23/tcp\" \"smtp		25/tcp\" \"time		37/tcp\" \"time		37/udp\" \"rlp		39/udp\" \"name		42/udp\" \"whois		43/tcp\" \"domain		53/tcp\" \"domain		53/udp\" \"mtp             57/tcp\" \"bootps		67/udp\" \"bootpc		68/udp\" \"tftp		69/udp\" \"gopher		70/tcp\" \"rje		77/tcp\" \"finger		79/tcp\" \"http		80/tcp\" \"www		80/tcp\" \"link		87/tcp\" \"kerberos	88/udp\" \"kerberos	88/tcp\" \"supdup		95/tcp\" \"hostnames	101/tcp\" \"x400		103/tcp\" \"pop		110/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/udp\" \"sunrpc		111/udp\" \"auth		113/tcp\" \"sftp		115/tcp\" \"nntp            119/tcp\" \"ntp		123/tcp\" \"ntp		123/udp\" \"imap 		143/tcp\" \"NeWS		144/tcp\" \"snmp		161/udp\" \"exec		512/tcp\" \"biff		512/udp\" \"login		513/tcp\" \"who		513/udp\" \"shell		514/tcp\" \"syslog		514/udp\" \"printer		515/tcp\" \"talk		517/udp\" \"ntalk		518/udp\" \"efs             520/tcp\" \"route		520/udp\" \"timed		525/udp\" \"tempo           526/tcp\" \"courier		530/tcp\" \"conference      531/tcp\" \"netnews         532/tcp\" \"netwall         533/udp\" \"uucp		540/tcp\" \"klogin		543/tcp\" \"kshell		544/tcp\" \"remotefs        556/tcp\" \"rmonitor	560/udp\" \"monitor		561/udp\" \"pcserver	600/tcp\" \"mount		635/udp\" \"pcnfs		640/udp\" \"bwnfs		650/udp\" \"kerberos_master	751/udp\" \"kerberos_master	751/tcp\" \"krb5_prop	754/tcp\" \"listen		1025/tcp\" \"nterm		1026/tcp\" \"kpop		1109/tcp\" \"ingreslock      1524/tcp\" \"tnet            1600/tcp\" \"cfinger		2003/tcp\" \"nfs		2049/udp\" \"eklogin		2105/tcp\" \"krb524		4444/tcp\" \"irc		6667/tcp\" \"dos		7000/tcp\" \"linuxconf	98/tcp\" \"Echo_Request 8/icmp\" \"Router_Advertisement 9/icmp\" \"Router_Solicitation 10/icmp\" \"Timestamp_Req 13/icmp\" \"Addr_Mask_Req 17/icmp\""
set __widgetArgs(denylocalhosts__frame2__text) ""
set __widgetArgs(isp__ISPIP__text) "Static PPP IP address"
set __widgetArgs(general__outboundtraceroute__type) "checkbox"
set __widgetArgs(allowservicesglobal__direction__export) "1"
set __widgetArgs(allowhosts__frame2__export) "1"
set __widgetArgs(masq__masqservice__export) "1"
set __widgetArgs(denylocalhosts__label4__comboWidth) "0"
set __widgetArgs(allowlocalhosts__label5__help) "If IP Masquerade is in use, then all local-net host controls must be configured in the Masquerade screen."
set __widgetArgs(denyhosts__hostIP__orient) "left"
set __widgetArgs(allowhosts__allowservice__export) "1"
set __widgetArgs(denyptp__direction__text) ""
set __widgetArgs(denyservicesglobal__direction__defaultIndex) "0"
set __widgetArgs(allowhosts__allowedhosts__entries) "frame3"
set __widgetArgs(allowhosts__hostnetmask__entries) "	\" 0: 0.0.0.0\" \" 1: 128.0.0.0\" \" 2: 192.0.0.0\" \" 3: 224.0.0.0\" \" 4: 240.0.0.0\" \" 5: 248.0.0.0\" \" 6: 252.0.0.0\" \" 7: 254.0.0.0\" \" 8: 255.0.0.0\" \" 9: 255.128.0.0\" \"10: 255.192.0.0\" \"11: 255.224.0.0\" \"12: 255.240.0.0\" \"13: 255.248.0.0\" \"14: 255.252.0.0\" \"15: 255.254.0.0\" \"16: 255.255.0.0\" \"17: 255.255.128.0\" \"18: 255.255.192.0\" \"19: 255.255.224.0\" \"20: 255.255.240.0\" \"21: 255.255.248.0\" \"22: 255.255.252.0\" \"23: 255.255.254.0\" \"24: 255.255.255.0\" \"25: 255.255.255.128\" \"26: 255.255.255.192\" \"27: 255.255.255.224\" \"28: 255.255.255.240\" \"29: 255.255.255.248\" \"30: 255.255.255.252\" \"31: 255.255.255.254\" \"32: 255.255.255.255\" "
set __widgetArgs(allowptp__frame2__default) ""
set __widgetArgs(masq__frame0__default) ""
set __widgetArgs(denyptp__hostIP__orient) "left"
set __widgetArgs(denyservicesglobal__label1__textafter) "compiled into the kernel."
set __widgetArgs(denylocalhosts__frame1__text) ""
set __widgetArgs(allowhosts__direction__defaultIndex) "0"
set __widgetArgs(masq__label2__export) "1"
set __widgetArgs(allowservicesglobal__allowservice__noedit) "0"
set __widgetArgs(masq__mframe0__default) ""
set __widgetArgs(allowlocalhosts__frame1__orient) "left"
set __widgetArgs(allowlocalhosts__label4__help) "Forwarding support must be compiled into the kernel if you wish to transfer packets between the local network and the Internet. If it is not, then you must configure and build a new kernel; see the Kernel HOWTO for instructions."
set __widgetArgs(denylocalhosts__hostIP__default) ""
set __widgetArgs(denyservicesglobal__head1__help) "Services are things like Telnet for logins, SMTP for email, FTP for file transfer, HTTP for Webs, and so forth.
Since you are probably not providing services to the Internet at large, it is a good idea to block any packets requesting them. This makes it more difficult to crack your system through a service that you may not know you are running or that you are providing for your local network but that the Internet should not have access to (like NetBIOS or IPX traffic). 
If your default policy is \"deny\", you don't need to mention any services here, they're all blocked by default. 
Note: these services will be blocked for ALL hosts on the Internet. See \"Deny Hosts\" to block only specific hosts."
set __widgetArgs(denyhosts__frame3__entries) "frame1 frame2 line1"
set __widgetArgs(general__label3a__comboWidth) "0"
set __widgetArgs(masq__masqservices__text) ""
set __widgetArgs(allowptp__hostnetmask__export) "1"
set __widgetArgs(denylocalhosts__direction__type) "radio"
set __widgetArgs(general__label1__comboWidth) "0"
set __widgetArgs(denyptp__frame3__text) ""
set __widgetArgs(general__defaultpolicy__text) "What is the default firewall policy?"
set __widgetArgs(denylocalhosts__deniedhosts__lines) "0"
set __widgetArgs(denyptp__frame2__default) ""
set __widgetArgs(isp__line2__orient) "horizontal"
set __widgetArgs(denyhosts__label1__text) "Firewall support"
set __widgetArgs(masq__masq_raudio__help) "Masquerade RealAudio streaming audio traffic."
set __widgetArgs(masq__servicesbyhost__orient) "left"
set __widgetArgs(isp__allow_192_net__text) "Allow 192-net traffic through."
set __widgetArgs(denyhosts__frame3__export) "1"
set __widgetArgs(allowhosts__allowedhosts__count) "5"
set __widgetArgs(allowhosts__hostnetmask__count) "8"
set __widgetArgs(general__line2__type) "line"
set __widgetArgs(masq__head2__background) "gray"
set __widgetArgs(denyptp__frame2__text) ""
set __widgetArgs(denylocalhosts__line1__type) "line"
set __widgetArgs(allowhosts__frame3__entries) "frame1 frame2 line1"
set __widgetArgs(denyhosts__SMTPBlockListFile__text) "SMTP Block List filename"
set __widgetArgs(isp__allow_10_net__export) "1"
set __widgetArgs(denyptp__frame3__export) "1"
set __widgetArgs(masq__masq_irc__text) "Masquerade IRC"
set __widgetArgs(denyptp__denyservice__help) "Select a service from the list, or enter one in the form port\#(:port\#)/\[tcp|udp\]. For example, to block HTTP requests, enter \"80/tcp\". See the file /etc/services (from which this list was generated) for a list of services with some comments, or consult your ISP."
set __widgetArgs(denyservicesglobal__label1__help) "Firewall support must be compiled into the kernel. If it is not, then you must configure and build a new kernel; see the Kernel HOWTO for instructions."
set __widgetArgs(denylocalhosts__line1__export) "1"
set __widgetArgs(denyptp__denyservice__entries) "\"tcpmux		1/tcp\" \"echo		7/tcp\" \"echo		7/udp\" \"discard		9/tcp\" \"discard		9/udp\" \"systat		11/tcp\" \"daytime		13/tcp\" \"daytime		13/udp\" \"netstat		15/tcp\" \"qotd		17/tcp\" \"chargen		19/tcp\" \"chargen		19/udp\" \"ftp		21/tcp\" \"telnet		23/tcp\" \"smtp		25/tcp\" \"time		37/tcp\" \"time		37/udp\" \"rlp		39/udp\" \"name		42/udp\" \"whois		43/tcp\" \"domain		53/tcp\" \"domain		53/udp\" \"mtp             57/tcp\" \"bootps		67/udp\" \"bootpc		68/udp\" \"tftp		69/udp\" \"gopher		70/tcp\" \"rje		77/tcp\" \"finger		79/tcp\" \"http		80/tcp\" \"www		80/tcp\" \"link		87/tcp\" \"kerberos	88/udp\" \"kerberos	88/tcp\" \"supdup		95/tcp\" \"hostnames	101/tcp\" \"x400		103/tcp\" \"pop		110/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/udp\" \"sunrpc		111/udp\" \"auth		113/tcp\" \"sftp		115/tcp\" \"nntp            119/tcp\" \"ntp		123/tcp\" \"ntp		123/udp\" \"imap 		143/tcp\" \"NeWS		144/tcp\" \"snmp		161/udp\" \"exec		512/tcp\" \"biff		512/udp\" \"login		513/tcp\" \"who		513/udp\" \"shell		514/tcp\" \"syslog		514/udp\" \"printer		515/tcp\" \"talk		517/udp\" \"ntalk		518/udp\" \"efs             520/tcp\" \"route		520/udp\" \"timed		525/udp\" \"tempo           526/tcp\" \"courier		530/tcp\" \"conference      531/tcp\" \"netnews         532/tcp\" \"netwall         533/udp\" \"uucp		540/tcp\" \"klogin		543/tcp\" \"kshell		544/tcp\" \"remotefs        556/tcp\" \"rmonitor	560/udp\" \"monitor		561/udp\" \"pcserver	600/tcp\" \"mount		635/udp\" \"pcnfs		640/udp\" \"bwnfs		650/udp\" \"kerberos_master	751/udp\" \"kerberos_master	751/tcp\" \"krb5_prop	754/tcp\" \"listen		1025/tcp\" \"nterm		1026/tcp\" \"kpop		1109/tcp\" \"ingreslock      1524/tcp\" \"tnet            1600/tcp\" \"cfinger		2003/tcp\" \"nfs		2049/udp\" \"eklogin		2105/tcp\" \"krb524		4444/tcp\" \"irc		6667/tcp\" \"dos		7000/tcp\" \"linuxconf	98/tcp\" \"Echo_Request 8/icmp\" \"Router_Advertisement 9/icmp\" \"Router_Solicitation 10/icmp\" \"Timestamp_Req 13/icmp\" \"Addr_Mask_Req 17/icmp\""
set __widgetArgs(denyhosts__label1__default) "is"
set __widgetArgs(general__line2__orient) "horizontal"
set __widgetArgs(general__line1__type) "line"
set __widgetArgs(masq__masqsystem__orient) "left"
set __widgetArgs(allowlocalhosts__label1__comboWidth) "0"
set __widgetArgs(masq__label5__default) "can"
set __widgetArgs(isp__label1__comboWidth) "0"
set __widgetArgs(denyptp__frame1__text) ""
set __widgetArgs(allowlocalhosts__allowservice__noedit) "0"
set __widgetArgs(isp__on_internet__default) "1"
set __widgetArgs(denyservicesglobal__direction__count) "5"
set __widgetArgs(masq__servicesbyhost__index) ""
set __widgetArgs(masq__line1__default) ""
set __widgetArgs(masq__head1__default) ""
set __widgetArgs(masq__masqsystem__help) "The IP address or name of a computer on the local network."
set __widgetArgs(denyhosts__frame5__orient) "left"
set __widgetArgs(allowhosts__direction__entries) "Inbound Outbound"
set __widgetArgs(allowlocalhosts__label1__help) "Firewall support must be compiled into the kernel. If it is not, then you must configure and build a new kernel; see the Kernel HOWTO for instructions."
set __widgetArgs(general__label2__default) ""
set __widgetArgs(general__defaultpolicy__default) "Deny"
set __widgetArgs(denyptp__deniedhosts__export) "1"
set __widgetArgs(allowhosts__line1__type) "line"
set __widgetArgs(denylocalhosts__frame2__export) "1"
set __widgetArgs(isp__ISPIP__export) "1"
set __widgetArgs(masq__mframe2__help) "No Help"
set __widgetArgs(masq__masqservice__comboWidth) "0"
set __widgetArgs(allowptp__masquerade__type) "checkbox"
set __widgetArgs(allowhosts__label1__default) "is"
set __widgetArgs(allowptp__allowservice__text) "Service to allow"
set __widgetArgs(masq__label4__anchor) "center"
set __widgetArgs(general__label1__anchor) "center"
set __widgetArgs(allowservicesglobal__allowoutboundtcpwellknownports__help) "\"Well-Known\" ports are standardized port numbers (1-1024) assigned to specific services by a central authority, the Internet Assigned Numbers Authority (IANA). 

If you don't wish to list the specific services you allow, you can check this box. This will allow users on the local network to initiate a connection to any service on a well-known port.

NOTE: Some HTTP servers run on port numbers in the 8000 range. Checking this checkbox WILL NOT allow such traffic through. If you wish to access a HTTP server running on a port number in the 8000 range, you'll have to explicitly add that port or range (using the tcp protocol) to the list of allowed services - for example, add \"8000:8080/tcp (alternate HTTP)\". 

This option does not enable UDP traffic, which must be explicitly listed."
set __widgetArgs(masq__line1__orient) "horizontal"
set __widgetArgs(allowservicesglobal__allowoutboundtcpwellknownports__export) "1"
set __widgetArgs(allowptp__line1__export) "1"
set __widgetArgs(general__blockinettcp__type) "checkbox"
set __widgetArgs(allowlocalhosts__allowedhosts__maxentries) "Inf"
set __widgetArgs(general__label4__export) "1"
set __widgetArgs(masq__mframe1__help) "No Help"
set __widgetArgs(allowlocalhosts__allowedhosts__type) "extentry"
set __widgetArgs(masq__label2__default) ""
set __widgetArgs(allowptp__frame3__entries) "frame1 localhostIP frame2 line1"
set __widgetArgs(denyhosts__frame5__anchor) "center"
set __widgetArgs(allowlocalhosts__line1__help) "No Help"
set __widgetArgs(denylocalhosts__direction__count) "5"
set __widgetArgs(denyhosts__head1__type) "header"
set __widgetArgs(denyhosts__frame5__text) ""
set __widgetArgs(denyhosts__UseHTTPBlockList__type) "checkbox"
set __widgetArgs(denylocalhosts__denyservice__entryhelp) ""
set __widgetArgs(masq__frame1__entries) "frame0 servicesbyhost"
set __widgetArgs(masq__masqsystem__comboWidth) "0"
set __widgetArgs(masq__servicesbyhost__type) "extentry"
set __widgetArgs(denylocalhosts__denyservice__text) "Service to deny"
set __widgetArgs(denyhosts__HTTPBlockListFile__export) "1"
set __widgetArgs(defaultinetpolicy__label1__default) ""
set __widgetArgs(masq__mframe0__help) "No Help"
set __widgetArgs(masq__masq_quake__type) "checkbox"
set __widgetArgs(general__label3a__anchor) "center"
set __widgetArgs(general__inboundtraceroute__type) "checkbox"
set __widgetArgs(masq__mframe1__entries) "masq_quake masq_raudio masq_vdolive"
set __widgetArgs(denyservicesglobal__denyservice__help) "Select a service from the list, or enter one in the form port\#(:port\#)/\[tcp|udp\]. For example, to block inbound HTTP requests, enter \"80/tcp\". See the file /etc/services (from which this list was generated) for a list of services with some comments, or consult your ISP. 
Note: these services will be blocked for ALL hosts on the Internet. See \"Deny Hosts\" to block only specific hosts."
set __widgetArgs(denylocalhosts__hostIP__text) "Local Host"
set __widgetArgs(allowptp__head1__type) "header"
set __widgetArgs(allowhosts__allowedhosts__maxentries) "Inf"
set __widgetArgs(general__antispoof__type) "checkbox"
set __widgetArgs(masq__mframe1__orient) "top"
set __widgetArgs(masq__servicebyhost__help) "If the default masquerade policy is \"Allow\" then only the services listed here (if any) will be blocked. This will override a global allow defined above. If the default masquerade policy is \"Block\" then only the services listed here (if any) will be allowed. This will override a global block defined above. 

Select a service from the list, or enter one in the form port\#(:port\#)/\[tcp|udp\]. For example, to block or allow HTTP requests, enter \"80/tcp\". See the file /etc/services (from which this list was generated) for a list of services with some comments, or consult your ISP."
set __widgetArgs(denyhosts__label1__anchor) "center"
set __widgetArgs(denyhosts__frame4__text) ""
set __widgetArgs(masq__masq_vdolive__export) "1"
set __widgetArgs(allowhosts__allowservice__help) "Select a service from the list, or enter one in the form port\#(:port\#)/\[tcp|udp\]. For example, to allow HTTP requests, enter \"80/tcp\". See the file /etc/services (from which this list was generated) for a list of services with some comments, or consult your ISP."
set __widgetArgs(denyptp__frame3__entries) "frame1 localhostIP frame2 line1"
set __widgetArgs(allowptp__allowedhosts__index) ""
set __widgetArgs(denyptp__line1__help) "No Help"
set __widgetArgs(masq__frame0__export) "1"
set __widgetArgs(denyptp__label1__anchor) "center"
set __widgetArgs(allowptp__label1__default) "is"
set __widgetArgs(allowptp__label1__text) "Firewall support"
set __widgetArgs(allowptp__hostIP__orient) "left"
set __widgetArgs(denyhosts__frame3__text) ""
set __widgetArgs(general__defaultpolicy__export) "1"
set __widgetArgs(allowservicesglobal__allowedservices__orient) "left"
set __widgetArgs(denyhosts__label1__textafter) "compiled into the kernel."
set __widgetArgs(denyhosts__SMTPBlockListFile__comboWidth) "0"
set __widgetArgs(isp__head2__text) "Private Network IP filtering"
set __widgetArgs(masq__defaultpolicy__entries) "Allow Block"
set __widgetArgs(masq__servicebyhost__default) ""
set __widgetArgs(denyptp__deniedhosts__noscissor) "0"
set __widgetArgs(allowlocalhosts__label6__type) "label"
set __widgetArgs(denyhosts__frame2__text) ""
set __widgetArgs(allowhosts__label1__text) "Firewall support"
set __widgetArgs(denyptp__hostnetmask__count) "8"
set __widgetArgs(denyservicesglobal__denyservice__count) "10"
set __widgetArgs(masq__label5__help) "Certain network protocols need special support to work with masquerading. This support is provided as modules that extend kernel functionality.

In order to load these modules, the location of the \"modprobe\" program must be known. You may need to modify your PATH before running this module."
set __widgetArgs(masq__frame2__orient) "top"
set __widgetArgs(denyptp__hostIP__text) "Internet Host"
set __widgetArgs(denyhosts__hostIP__comboWidth) "0"
set __widgetArgs(allowlocalhosts__label5__export) "1"
set __widgetArgs(masq__defaultpolicy__anchor) "center"
set __widgetArgs(denyptp__label1__default) "is"
set __widgetArgs(denyservicesglobal__deniedservices__count) "10"
set __widgetArgs(allowptp__hostnetmask__textafter) ""
set __widgetArgs(isp__head1__text) "ISP settings"
set __widgetArgs(general__label3a__type) "label"
set __widgetArgs(denyhosts__deniedhosts__orient) "left"
set __widgetArgs(denyhosts__deniedhosts__type) "extentry"
set __widgetArgs(allowlocalhosts__label6__comboWidth) "0"
set __widgetArgs(allowlocalhosts__frame3__help) "No Help"
set __widgetArgs(allowlocalhosts__label5__type) "label"
set __widgetArgs(masq__masq_ftp__text) "Masquerade FTP"
set __widgetArgs(denyhosts__frame1__text) ""
set __widgetArgs(allowptp__frame3__export) "1"
set __widgetArgs(masq__label4__help) "Forwarding support must be compiled into the kernel if you wish to transfer packets between the local network and the Internet. If it is not, then you must configure and build a new kernel; see the Kernel HOWTO for instructions."
set __widgetArgs(allowptp__hostnetmask__default) ""
set __widgetArgs(denylocalhosts__head1__export) "1"
set __widgetArgs(general__classmask__anchor) "center"
set __widgetArgs(denyhosts__denyservice__count) "10"
set __widgetArgs(denyhosts__deniedhosts__maxentries) "Inf"
set __widgetArgs(allowlocalhosts__allowedhosts__orient) "left"
set __widgetArgs(allowptp__direction__count) "5"
set __widgetArgs(denyptp__direction__entries) "Inbound Outbound"
set __widgetArgs(allowlocalhosts__allowservice__text) "Service to allow"
set __widgetArgs(allowlocalhosts__frame2__help) "No Help"
set __widgetArgs(allowlocalhosts__label4__type) "label"
set __widgetArgs(denyhosts__SMTPBlockListFile__default) "/etc/SMTP-blocklist"
set __widgetArgs(denyservicesglobal__head1__type) "header"
set __widgetArgs(allowservicesglobal__allowservice__count) "10"
set __widgetArgs(allowlocalhosts__direction__help) "No Help"
set __widgetArgs(allowlocalhosts__frame3__default) ""
set __widgetArgs(allowptp__allowedhosts__export) "1"
set __widgetArgs(masq__line3__text) ""
set __widgetArgs(masq__label2__comboWidth) "0"
set __widgetArgs(denyservicesglobal__deniedservices__default) ""
set __widgetArgs(allowservicesglobal__direction__entryhelp) " \"Inbound\" \"Service requests coming in from the Intenet.\" \"Outbound\" \"Service requests going out to the Internet.\" "
set __widgetArgs(allowlocalhosts__frame1__help) "No Help"
set __widgetArgs(isp__ISPIP__textafter) ""
set __widgetArgs(masq__masqservice__entryhelp) ""
set __widgetArgs(masq__masq_raudio__type) "checkbox"
set __widgetArgs(denylocalhosts__label5__help) "If IP Masquerade is in use, then all local-net host controls must be configured in the Masquerade screen."
set __widgetArgs(masq__label2__help) "You can only masquerade if there are other computers on the local network."
set __widgetArgs(allowhosts__allowedhosts__text) ""
set __widgetArgs(allowhosts__frame1__export) "1"
set __widgetArgs(allowhosts__hostnetmask__text) "Network Mask"
set __widgetArgs(denyhosts__deniedhosts__noscissor) "0"
set __widgetArgs(scrollbar) "scrollbar"
set __widgetArgs(allowptp__head1__export) "1"
set __widgetArgs(general__outboundtraceroute__default) "1"
set __widgetArgs(masq__line2__text) ""
set __widgetArgs(masq__masqlist__help) "No Help"
set __widgetArgs(masq__servicebyhost__count) "10"
set __widgetArgs(denyptp__denyservice__type) "combobox"
set __widgetArgs(denyservicesglobal__label1__type) "label"
set __widgetArgs(masq__defaultpolicy__count) "5"
set __widgetArgs(denylocalhosts__label4__help) "Forwarding support must be compiled into the kernel if you wish to transfer packets between the local network and the Internet. If it is not, then you must configure and build a new kernel; see the Kernel HOWTO for instructions."
set __widgetArgs(isp__allow_10_net__help) "Check this box if your private network uses the reserved IP address space 10.0.0.0/8

 This will allow your Private Network hosts to communicate with your Boundary Network hosts. Other filtering rules apply, so you can still control access to your Boundary Network hosts."
set __widgetArgs(denyptp__hostnetmask__text) "Network Mask"
set __widgetArgs(masq__masqlist__noscissor) "0"
set __widgetArgs(masq__label1__help) "IP Masquerade support must be compiled into the kernel. If it is not, then you must configure and build a new kernel; see the Kernel HOWTO for instructions.

Note: IP Masquerade is experimental in kernels prior to 2.0.30 - you must select \"Yes\" when asked \"Prompt for development and/or incomplete code/drivers\" in \"Code Maturity Level Options\". You should upgrade to the newest kernel, as new features for masquerade support have been added."
set __widgetArgs(denyhosts__deniedhosts__count) "5"
set __widgetArgs(masq__label1__export) "1"
set __widgetArgs(denyservicesglobal__direction__help) "No Help"
set __widgetArgs(denyptp__hostnetmask__export) "1"
set __widgetArgs(denyptp__localhostIP__help) "The unique IP address of a computer on the local network."
set __widgetArgs(masq__line1__text) ""
set __widgetArgs(denylocalhosts__hostIP__comboWidth) "0"
set __widgetArgs(masq__masqsystem__type) "entry"
set __widgetArgs(denylocalhosts__label5__anchor) "center"
set __widgetArgs(denyhosts__denyservice__entries) "\"tcpmux		1/tcp\" \"echo		7/tcp\" \"echo		7/udp\" \"discard		9/tcp\" \"discard		9/udp\" \"systat		11/tcp\" \"daytime		13/tcp\" \"daytime		13/udp\" \"netstat		15/tcp\" \"qotd		17/tcp\" \"chargen		19/tcp\" \"chargen		19/udp\" \"ftp		21/tcp\" \"telnet		23/tcp\" \"smtp		25/tcp\" \"time		37/tcp\" \"time		37/udp\" \"rlp		39/udp\" \"name		42/udp\" \"whois		43/tcp\" \"domain		53/tcp\" \"domain		53/udp\" \"mtp             57/tcp\" \"bootps		67/udp\" \"bootpc		68/udp\" \"tftp		69/udp\" \"gopher		70/tcp\" \"rje		77/tcp\" \"finger		79/tcp\" \"http		80/tcp\" \"www		80/tcp\" \"link		87/tcp\" \"kerberos	88/udp\" \"kerberos	88/tcp\" \"supdup		95/tcp\" \"hostnames	101/tcp\" \"x400		103/tcp\" \"pop		110/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/udp\" \"sunrpc		111/udp\" \"auth		113/tcp\" \"sftp		115/tcp\" \"nntp            119/tcp\" \"ntp		123/tcp\" \"ntp		123/udp\" \"imap 		143/tcp\" \"NeWS		144/tcp\" \"snmp		161/udp\" \"exec		512/tcp\" \"biff		512/udp\" \"login		513/tcp\" \"who		513/udp\" \"shell		514/tcp\" \"syslog		514/udp\" \"printer		515/tcp\" \"talk		517/udp\" \"ntalk		518/udp\" \"efs             520/tcp\" \"route		520/udp\" \"timed		525/udp\" \"tempo           526/tcp\" \"courier		530/tcp\" \"conference      531/tcp\" \"netnews         532/tcp\" \"netwall         533/udp\" \"uucp		540/tcp\" \"klogin		543/tcp\" \"kshell		544/tcp\" \"remotefs        556/tcp\" \"rmonitor	560/udp\" \"monitor		561/udp\" \"pcserver	600/tcp\" \"mount		635/udp\" \"pcnfs		640/udp\" \"bwnfs		650/udp\" \"kerberos_master	751/udp\" \"kerberos_master	751/tcp\" \"krb5_prop	754/tcp\" \"listen		1025/tcp\" \"nterm		1026/tcp\" \"kpop		1109/tcp\" \"ingreslock      1524/tcp\" \"tnet            1600/tcp\" \"cfinger		2003/tcp\" \"nfs		2049/udp\" \"eklogin		2105/tcp\" \"krb524		4444/tcp\" \"irc		6667/tcp\" \"dos		7000/tcp\" \"linuxconf	98/tcp\" \"Echo_Request 8/icmp\" \"Router_Advertisement 9/icmp\" \"Router_Solicitation 10/icmp\" \"Timestamp_Req 13/icmp\" \"Addr_Mask_Req 17/icmp\""
set __widgetArgs(general__blockXftp__export) "1"
set __widgetArgs(allowlocalhosts__label1__type) "label"
set __widgetArgs(general__label1__textafter) "compiled into the kernel."
set __widgetArgs(allowptp__frame3__text) ""
set __widgetArgs(denyhosts__UseSMTPBlockList__default) "0"
set __widgetArgs(allowhosts__frame3__orient) "top"
set __widgetArgs(denyservicesglobal__denyservice__export) "1"
set __widgetArgs(denyservicesglobal__label1__anchor) "center"
set __widgetArgs(allowlocalhosts__hostIP__orient) "left"
set __widgetArgs(denyhosts__denyservice__help) "Select a service from the list, or enter one in the form port\#(:port\#)/\[tcp|udp\]. For example, to deny HTTP requests, enter \"80/tcp\". See the file /etc/services (from which this list was generated) for a list of services with some comments, or consult your ISP.

 Leave blank to block all tcp and udp traffic in the selected direction."
set __widgetArgs(isp__line1__orient) "horizontal"
set __widgetArgs(masq__mframe2__type) "frame"
set __widgetArgs(allowlocalhosts__direction__entryhelp) " \"Inbound\" \"Service requests coming in from host(s) on the Intenet.\" \"Outbound\" \"Service requests going out to host(s) on the Internet.\" "
set __widgetArgs(allowservicesglobal__allowoutboundtcpallports__text) "Allow outbound TCP to all ports?"
set __widgetArgs(denyhosts__frame2__export) "1"
set __widgetArgs(denylocalhosts__label5__comboWidth) "0"
set __widgetArgs(allowptp__hostnetmask__text) "Network Mask"
set __widgetArgs(masq__hostallow__text) "Default Allow"
set __widgetArgs(allowservicesglobal__allowoutboundtcpwellknownports__type) "checkbox"
set __widgetArgs(allowptp__frame2__text) ""
set __widgetArgs(denylocalhosts__denyservice__count) "10"
set __widgetArgs(allowptp__localhostIP__help) "The unique IP address of a computer on the local network."
set __widgetArgs(denylocalhosts__deniedhosts__help) "No Help"
set __widgetArgs(masq__servicebyhost__noedit) "0"
set __widgetArgs(allowptp__label1__anchor) "center"
set __widgetArgs(masq__head3__help) "Here you list the computers you wish to masquerade.
 You can also block or allow services on a host-by-host basis."
set __widgetArgs(allowhosts__allowservice__count) "10"
set __widgetArgs(allowhosts__frame3__text) ""
set __widgetArgs(denyptp__frame2__export) "1"
set __widgetArgs(denylocalhosts__frame1__default) ""
set __widgetArgs(masq__mframe1__type) "frame"
set __widgetArgs(general__label2__textafter) ""
set __widgetArgs(general__blockXftp__text) "Block FTP to X server traffic"
set __widgetArgs(general__line1__orient) "horizontal"
set __widgetArgs(allowptp__allowservice__default) ""
set __widgetArgs(allowservicesglobal__allowservice__default) ""
set __widgetArgs(allowlocalhosts__allowservice__textafter) ""
set __widgetArgs(denyhosts__hostnetmask__comboWidth) "0"
set __widgetArgs(denyhosts__line1__help) "No Help"
set __widgetArgs(allowptp__frame1__text) ""
set __widgetArgs(defaultinetpolicy__label1__textafter) ""
set __widgetArgs(denyhosts__hostIP__text) "Internet Host"
set __widgetArgs(allowlocalhosts__line1__type) "line"
set __widgetArgs(allowhosts__allowedhosts__default) ""
set __widgetArgs(allowhosts__hostnetmask__default) ""
set __widgetArgs(denylocalhosts__label1__help) "Firewall support must be compiled into the kernel. If it is not, then you must configure and build a new kernel; see the Kernel HOWTO for instructions."
set __widgetArgs(masq__head2__help) "Here you list the services you wish to masquerade. 

If you wish to masquerade all services, then set your default policy to \"allow\". You will still be able to block services on a computer-by-computer basis. If you wish to selectively provide masquerading, then set your default policy to \"deny\" and list just those services you wish to provide. 

Note: these rules will apply to all masqueraded systems."
set __widgetArgs(general__label2__comboWidth) "0"
set __widgetArgs(masq__masqlist__index) ""
set __widgetArgs(denyptp__denyservice__noedit) "0"
set __widgetArgs(denyhosts__frame4__orient) "left"
set __widgetArgs(allowservicesglobal__direction__text) ""
set __widgetArgs(allowhosts__frame2__text) ""
set __widgetArgs(isp__connection_type__defaultIndex) "0"
set __widgetArgs(masq__masqservice__text) "Block/Allow service for all computers"
set __widgetArgs(denyhosts__UseHTTPBlockList__default) "0"
set __widgetArgs(allowlocalhosts__frame3__export) "1"
set __widgetArgs(masq__servicebyhost__textafter) ""
set __widgetArgs(denyservicesglobal__deniedservices__export) "1"
set __widgetArgs(masq__mframe0__type) "frame"
set __widgetArgs(denylocalhosts__head1__text) "Per-Local-Host Service Blocking"
set __widgetArgs(allowlocalhosts__label5__default) "has not"
set __widgetArgs(allowptp__line1__help) "No Help"
set __widgetArgs(denyhosts__HTTPBlockListFile__textafter) ""
set __widgetArgs(denyservicesglobal__denyservice__type) "combobox"
set __widgetArgs(denyptp__direction__entryhelp) " \"Inbound\" \"Service requests coming in from host(s) on the Internet.\" \"Outbound\" \"Service requests going out to host(s) on the Internet.\" "
set __widgetArgs(denyservicesglobal__deniedservices__maxentries) "Inf"
set __widgetArgs(denylocalhosts__frame1__export) "1"
set __widgetArgs(denyhosts__UseSMTPBlockList__help) "Rather than entering SMTP sites to block in this screen individually and regenerating your firewall file every time you change the list, you can put the list of addresses in a separate file and have the firewall process that file every time it runs.

 Incoming SMTP requests from each IP address in that file will be blocked.

 You can use this to block those irritating spammers and spamhavens."
set __widgetArgs(allowhosts__allowedhosts__export) "1"
set __widgetArgs(allowhosts__hostnetmask__export) "1"
set __widgetArgs(denyhosts__direction__help) "No Help"
set __widgetArgs(denyhosts__frame3__default) ""
set __widgetArgs(denyservicesglobal__denyservice__textafter) ""
set __widgetArgs(denyservicesglobal__label1__comboWidth) "0"
set __widgetArgs(general__head1__text) "          General firewall settings          "
set __widgetArgs(masq__head1__help) "IP Masquerading allows your firewall to hide the existence of the local network while permitting computers on the local network to access the Internet transparently even if they have IP addresses that are not valid for use on the Internet.
 Computers being masqueraded should have their default gateway set to the firewall; if you have a router, configure its routing tables to route Internet addresses to the firewall."
set __widgetArgs(masq__servicebyhost__type) "combobox"
set __widgetArgs(allowptp__allowedhosts__entries) "frame3"
set __widgetArgs(masq__head3__background) "gray"
set __widgetArgs(allowptp__localhostIP__export) "1"
set __widgetArgs(general__label3__textafter) ""
set __widgetArgs(denyptp__hostnetmask__entryhelp) ""
set __widgetArgs(allowhosts__frame1__text) ""
set __widgetArgs(masq__hostallow__export) "1"
set __widgetArgs(allowservicesglobal__line1__text) ""
set __widgetArgs(allowhosts__allowservice__type) "combobox"
set __widgetArgs(general__defaultpolicy__fill) "x"
set __widgetArgs(allowhosts__line1__export) "1"
set __widgetArgs(allowhosts__hostIP__textafter) ""
set __widgetArgs(allowservicesglobal__line1__export) "1"
set __widgetArgs(denylocalhosts__deniedhosts__count) "5"
set __widgetArgs(isp__allow_192_net__anchor) "center"
set __widgetArgs(general__blockinetudp__text) "Default deny UDP traffic on the Internet interface?"
set __widgetArgs(denyptp__line1__type) "line"
set __widgetArgs(allowlocalhosts__allowservice__comboWidth) "0"
set __widgetArgs(allowlocalhosts__hostIP__help) "The name or unique IP address of a computer on the local network."
set __widgetArgs(general__label3__export) "1"
set __widgetArgs(masq__masq_cuseeme__help) "Masquerade CU-SeeMe video conference traffic."
set __widgetArgs(denyptp__denyservice__comboWidth) "0"
set __widgetArgs(isp__head1__background) "gray"
set __widgetArgs(allowhosts__head1__text) "Per-Internet-Host Services Allowed"
set __widgetArgs(masq__masqlist__maxentries) "Inf"
set __widgetArgs(allowhosts__direction__help) "No Help"
set __widgetArgs(denyptp__hostIP__textafter) ""
set __widgetArgs(allowptp__localhostIP__default) ""
set __widgetArgs(denyhosts__label1__comboWidth) "0"
set __widgetArgs(allowhosts__frame3__default) ""
set __widgetArgs(denylocalhosts__frame3__orient) "top"
set __widgetArgs(denyhosts__frame4__anchor) "center"
set __widgetArgs(allowhosts__hostnetmask__entryhelp) ""
set __widgetArgs(denyptp__label1__help) "Firewall support must be compiled into the kernel. If it is not, then you must configure and build a new kernel; see the Kernel HOWTO for instructions."
set __widgetArgs(general__blockXall__text) "Block all traffic to X server"
set __widgetArgs(general__label4__textafter) "compiled into the kernel."
set __widgetArgs(masq__masqservices__orient) "left"
set __widgetArgs(allowservicesglobal__allowedservices__entries) "allowservice direction"
set __widgetArgs(denyptp__denyservice__default) ""
set __widgetArgs(general__label4__help) "Forwarding support must be compiled into the kernel if you wish to transfer packets between the local network and the Internet. If it is not, then you must configure and build a new kernel; see the Kernel HOWTO for instructions."
set __widgetArgs(denyhosts__line1__export) "1"
set __widgetArgs(allowlocalhosts__allowedhosts__noscissor) "0"
set __widgetArgs(isp__connection_type__export) "1"
set __widgetArgs(allowhosts__allowservice__comboWidth) "0"
set __widgetArgs(denyptp__deniedhosts__entries) "frame3"
set __widgetArgs(allowlocalhosts__frame1__entries) "hostIP"
set __widgetArgs(masq__label5__type) "label"
set __widgetArgs(masq__mframe0__orient) "top"
set __widgetArgs(masq__hostallow__default) "0"
set __widgetArgs(denylocalhosts__denyservice__comboWidth) "0"
set __widgetArgs(defaultinetpolicy__label1__comboWidth) "0"
set __widgetArgs(allowhosts__direction__default) "Inbound"
set __widgetArgs(general__blockXall__default) "0"
set __widgetArgs(allowptp__hostIP__textafter) ""
set __widgetArgs(general__label3__help) "No Help"
set __widgetArgs(allowlocalhosts__frame3__type) "frame"
set __widgetArgs(masq__line3__export) "1"
set __widgetArgs(denyhosts__direction__defaultIndex) "0"
set __widgetArgs(masq__label4__type) "label"
set __widgetArgs(masq__frame2__help) "No Help"
set __widgetArgs(masq__masqservices__lines) "0"
set __widgetArgs(allowservicesglobal__label1__comboWidth) "0"
set __widgetArgs(isp__allow_172_net__anchor) "center"
set __widgetArgs(denyhosts__hostnetmask__entryhelp) ""
set __widgetArgs(allowhosts__line1__default) ""
set __widgetArgs(allowlocalhosts__hostIP__default) ""
set __widgetArgs(masq__masq_cuseeme__default) "0"
set __widgetArgs(allowservicesglobal__head1__help) "Services are things like Telnet for logins, SMTP for email, FTP for file transfer, HTTP for Webs, and so forth. Certain services you may want to provide even if your default policy is \"deny\", for example, HTTP to serve web pages. 

You'll also want to allow system-level services, such as domain (DNS name resolution) and ntp or time (network time synchronization). 

If your default policy is \"allow\" and you're not blocking Internet traffic by default, you don't need to mention any services here, as they're all allowed by default. 

Note: access to these services will be allowed for ALL hosts on the Internet. See \"Allow Hosts\" to limit access to specific hosts only."
set __widgetArgs(allowhosts__head1__default) ""
set __widgetArgs(general__label2__help) "No Help"
set __widgetArgs(allowlocalhosts__frame2__type) "frame"
set __widgetArgs(isp__label1__default) ""
set __widgetArgs(allowhosts__allowservice__entryhelp) ""
set __widgetArgs(denylocalhosts__frame2__entries) "denyservice direction"
set __widgetArgs(masq__masqservices__anchor) "center"
set __widgetArgs(masq__masq_raudio__default) "0"
set __widgetArgs(allowlocalhosts__direction__type) "radio"
set __widgetArgs(allowlocalhosts__label1__anchor) "center"
set __widgetArgs(isp__connection_type__entries) "\{PPP (ppp0)\} \{PPP + diald (sl0, ppp0)\} \{PPP (ip-up)\} \{PPP + diald (sl0, ip-up)\} \{Static PPP (ppp0)\} \{Static PPP + diald (sl0, ppp0)\} \{Multihomed Ethernet\} \{ISDN PPP (ippp0)\} \{ISDN PPP + diald (sl0, ippp0)\} \{Static ISDN PPP (ippp0)\} \{Static ISDN PPP + diald (sl0, ippp0)\} \{Static SLIP (sl0)\} \{Static SLIP + diald (sl0, sl1)\}"
set __widgetArgs(masq__frame1__help) "No Help"
set __widgetArgs(denyservicesglobal__deniedservices__help) "No Help"
set __widgetArgs(allowlocalhosts__label1__textafter) "compiled into the kernel."
set __widgetArgs(allowptp__direction__help) "No Help"
set __widgetArgs(isp__label1__help) "No Help"
set __widgetArgs(allowptp__frame3__default) ""
set __widgetArgs(masq__frame1__orient) "left"
set __widgetArgs(allowptp__hostIP__text) "Internet Host"
set __widgetArgs(general__label1__help) "Firewall support must be compiled into the kernel. If it is not, then you must configure and build a new kernel; see the Kernel HOWTO for instructions."
set __widgetArgs(masq__masqsystem__textafter) ""
set __widgetArgs(allowlocalhosts__frame1__type) "frame"
set __widgetArgs(allowlocalhosts__label4__export) "1"
set __widgetArgs(masq__masqlist__export) "1"
set __widgetArgs(denylocalhosts__frame3__help) "No Help"
set __widgetArgs(denylocalhosts__label5__type) "label"
set __widgetArgs(isp__allow_172_net__help) "Check this box if your private network uses the reserved IP address space 172.16.0.0/12

 This will allow your Private Network hosts to communicate with your Boundary Network hosts. Other filtering rules apply, so you can still control access to your Boundary Network hosts."
set __widgetArgs(masq__frame1__default) ""
set __widgetArgs(masq__label2__type) "label"
set __widgetArgs(masq__frame0__help) "No Help"
set __widgetArgs(denylocalhosts__deniedhosts__export) "1"
set __widgetArgs(masq__mframe1__default) ""
set __widgetArgs(isp__line1__default) ""
set __widgetArgs(masq__masqlist__type) "extentry"
set __widgetArgs(allowptp__frame2__export) "1"
set __widgetArgs(denyhosts__frame4__entries) "UseHTTPBlockList HTTPBlockListFile"
set __widgetArgs(allowhosts__head1__background) "gray"
set __widgetArgs(isp__head1__default) ""
set __widgetArgs(allowlocalhosts__allowservice__entries) "\"tcpmux		1/tcp\" \"echo		7/tcp\" \"echo		7/udp\" \"discard		9/tcp\" \"discard		9/udp\" \"systat		11/tcp\" \"daytime		13/tcp\" \"daytime		13/udp\" \"netstat		15/tcp\" \"qotd		17/tcp\" \"chargen		19/tcp\" \"chargen		19/udp\" \"ftp		21/tcp\" \"telnet		23/tcp\" \"smtp		25/tcp\" \"time		37/tcp\" \"time		37/udp\" \"rlp		39/udp\" \"name		42/udp\" \"whois		43/tcp\" \"domain		53/tcp\" \"domain		53/udp\" \"mtp             57/tcp\" \"bootps		67/udp\" \"bootpc		68/udp\" \"tftp		69/udp\" \"gopher		70/tcp\" \"rje		77/tcp\" \"finger		79/tcp\" \"http		80/tcp\" \"www		80/tcp\" \"link		87/tcp\" \"kerberos	88/udp\" \"kerberos	88/tcp\" \"supdup		95/tcp\" \"hostnames	101/tcp\" \"x400		103/tcp\" \"pop		110/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/udp\" \"sunrpc		111/udp\" \"auth		113/tcp\" \"sftp		115/tcp\" \"nntp            119/tcp\" \"ntp		123/tcp\" \"ntp		123/udp\" \"imap 		143/tcp\" \"NeWS		144/tcp\" \"snmp		161/udp\" \"exec		512/tcp\" \"biff		512/udp\" \"login		513/tcp\" \"who		513/udp\" \"shell		514/tcp\" \"syslog		514/udp\" \"printer		515/tcp\" \"talk		517/udp\" \"ntalk		518/udp\" \"efs             520/tcp\" \"route		520/udp\" \"timed		525/udp\" \"tempo           526/tcp\" \"courier		530/tcp\" \"conference      531/tcp\" \"netnews         532/tcp\" \"netwall         533/udp\" \"uucp		540/tcp\" \"klogin		543/tcp\" \"kshell		544/tcp\" \"remotefs        556/tcp\" \"rmonitor	560/udp\" \"monitor		561/udp\" \"pcserver	600/tcp\" \"mount		635/udp\" \"pcnfs		640/udp\" \"bwnfs		650/udp\" \"kerberos_master	751/udp\" \"kerberos_master	751/tcp\" \"krb5_prop	754/tcp\" \"listen		1025/tcp\" \"nterm		1026/tcp\" \"kpop		1109/tcp\" \"ingreslock      1524/tcp\" \"tnet            1600/tcp\" \"cfinger		2003/tcp\" \"nfs		2049/udp\" \"eklogin		2105/tcp\" \"krb524		4444/tcp\" \"irc		6667/tcp\" \"dos		7000/tcp\" \"linuxconf	98/tcp\" \"Echo_Request 8/icmp\" \"Router_Advertisement 9/icmp\" \"Router_Solicitation 10/icmp\" \"Timestamp_Req 13/icmp\" \"Addr_Mask_Req 17/icmp\""
set __widgetArgs(denylocalhosts__label1__comboWidth) "0"
set __widgetArgs(allowptp__hostnetmask__count) "8"
set __widgetArgs(isp__allow_10_net__default) "0"
set __widgetArgs(allowlocalhosts__direction__defaultIndex) "0"
set __widgetArgs(allowhosts__allowedhosts__index) ""
set __widgetArgs(allowservicesglobal__line1__default) ""
set __widgetArgs(denylocalhosts__frame2__help) "No Help"
set __widgetArgs(denylocalhosts__label4__type) "label"
set __widgetArgs(isp__ISPIP__help) "If your Internet IP address is permanently assigned (rather than determined dynamically every time you dial in) enter that address here."
set __widgetArgs(isp__allow_10_net__type) "checkbox"
set __widgetArgs(allowservicesglobal__head1__default) ""
set __widgetArgs(allowhosts__hostIP__text) "Internet Host"
set __widgetArgs(masq__servicebyhost__comboWidth) "0"
set __widgetArgs(denyptp__denyservice__textafter) ""
set __widgetArgs(masq__label1__type) "label"
set __widgetArgs(denyptp__direction__help) "No Help"
set __widgetArgs(denyptp__head1__background) "gray"
set __widgetArgs(denyptp__frame3__default) ""
set __widgetArgs(denyservicesglobal__direction__type) "radio"
set __widgetArgs(denyptp__localhostIP__type) "entry"
set __widgetArgs(isp__internal_firewall__text) "Internal firewall on Boundary or Private Network"
set __widgetArgs(denylocalhosts__label1__textafter) "compiled into the kernel."
set __widgetArgs(general__blockXall__anchor) "center"
set __widgetArgs(denyhosts__HTTPBlockListFile__text) "HTTP Block List filename"
set __widgetArgs(denylocalhosts__frame1__help) "No Help"
set __widgetArgs(allowservicesglobal__label1__text) "Firewall support"
set __widgetArgs(defaultinetpolicy__label1__text) "This screen is just a placeholder for some code generation functions."
set __widgetArgs(denyhosts__denyservice__type) "combobox"
set __widgetArgs(allowservicesglobal__allowedservices__text) ""
set __widgetArgs(general__classmask__text) "Use default class mask for local network"
set __widgetArgs(allowptp__direction__entries) "Inbound Outbound"
set __widgetArgs(denyhosts__hostnetmask__text) "Network Mask"
set __widgetArgs(isp__internal_firewall__anchor) "center"
set __widgetArgs(masq__masqservices__help) "Services to block or allow for all masqueraded computers."
set __widgetArgs(allowhosts__direction__export) "1"
set __widgetArgs(denyptp__frame3__help) "No Help"
set __widgetArgs(general__defaultpolicy__help) "The preferred policy from a security standpoint is to discard packets unless they are explicitly accepted. This allows you to tightly control the access others have to your network, but requires more administration and a greater understanding of the services being used.
 If you are running on a computer with little or no critical information and only dialup access to the Internet, you can probably safely set your default policy to \"allow\".
 This default policy will apply to packets originating on your local network as well as those originating from the Internet."
set __widgetArgs(masq__defaultpolicy__default) "Allow"
set __widgetArgs(allowhosts__head1__export) "1"
set __widgetArgs(allowservicesglobal__allowoutboundtcpallports__anchor) "center"
set __widgetArgs(allowptp__head1__background) "gray"
set __widgetArgs(allowptp__localhostIP__type) "entry"
set __widgetArgs(denyhosts__frame1__entries) "hostIP hostnetmask"
set __widgetArgs(denylocalhosts__deniedhosts__type) "extentry"
set __widgetArgs(allowservicesglobal__head1__export) "1"
set __widgetArgs(masq__line2__default) ""
set __widgetArgs(masq__head3__type) "header"
set __widgetArgs(denylocalhosts__line1__default) ""
set __widgetArgs(masq__head2__default) ""
set __widgetArgs(denyhosts__label1__help) "Firewall support must be compiled into the kernel. If it is not, then you must configure and build a new kernel; see the Kernel HOWTO for instructions."
set __widgetArgs(denylocalhosts__head1__default) ""
set __widgetArgs(isp__allow_192_net__help) "Check this box if your private network uses the reserved IP address space 192.168.0.0/16

 This will allow your Private Network hosts to communicate with your Boundary Network hosts. Other filtering rules apply, so you can still control access to your Boundary Network hosts."
set __widgetArgs(general__label3__default) ""
set __widgetArgs(denyptp__direction__count) "5"
set __widgetArgs(denyptp__direction__export) "1"
set __widgetArgs(denyhosts__HTTPBlockListFile__comboWidth) "0"
set __widgetArgs(allowhosts__hostIP__export) "1"
set __widgetArgs(allowservicesglobal__label1__default) "is"
set __widgetArgs(denyptp__frame2__help) "No Help"
set __widgetArgs(allowservicesglobal__allowservice__comboWidth) "0"
set __widgetArgs(allowlocalhosts__label6__anchor) "center"
set __widgetArgs(denyhosts__denyservice__export) "1"
set __widgetArgs(denyhosts__line1__type) "line"
set __widgetArgs(denyhosts__SMTPBlockListFile__help) "The name of a file containing a list of IP addresses of computers or networks on the Internet where incoming SMTP requests are to be blocked.

 IP addresses should be of the form xxx.xxx.xxx.xxx/nnn.nnn.nnn.nnn where nnn.nnn.nnn.nnn is the netmask, or xxx.xxx.xxx.xxx/nn where nn is the number of mask bits. See the \"Network Mask\" combo box for details.

 Only enter one IP address per line."
set __widgetArgs(denylocalhosts__label1__type) "label"
set __widgetArgs(masq__head2__type) "header"
set __widgetArgs(masq__masq_irc__help) "Masquerade Internet Relay Chat traffic."
set __widgetArgs(allowptp__allowservice__textafter) ""
set __widgetArgs(denylocalhosts__label4__anchor) "center"
set __widgetArgs(denyhosts__hostIP__default) ""
set __widgetArgs(allowlocalhosts__label4__textafter) "compiled into the kernel."
set __widgetArgs(allowhosts__frame2__orient) "left"
set __widgetArgs(allowhosts__frame1__entries) "hostIP hostnetmask"
set __widgetArgs(allowptp__line1__type) "line"
set __widgetArgs(denyhosts__head1__export) "1"
set __widgetArgs(masq__masquerade__text) "Enable IP Masquerading"
set __widgetArgs(denyptp__line1__export) "1"
set __widgetArgs(denyptp__frame1__help) "No Help"
set __widgetArgs(denyhosts__denyservice__textafter) ""
set __widgetArgs(denyptp__direction__default) "Inbound"
set __widgetArgs(allowservicesglobal__allowedservices__lines) "0"
set __widgetArgs(isp__internal_firewall__default) "0"
set __widgetArgs(denyhosts__UseSMTPBlockList__type) "checkbox"
set __widgetArgs(denyhosts__direction__type) "radio"
set __widgetArgs(allowptp__direction__export) "1"
set __widgetArgs(allowlocalhosts__allowedhosts__lines) "0"
set __widgetArgs(masq__head1__type) "header"
set __widgetArgs(masq__masq_ftp__export) "1"
set __widgetArgs(denyhosts__frame1__export) "1"
set __widgetArgs(denyservicesglobal__head1__background) "gray"
set __widgetArgs(denyservicesglobal__head1__export) "1"
set __widgetArgs(isp__connection_type__text) "I connect to the Internet using"
set __widgetArgs(denyhosts__direction__entryhelp) " \"Inbound\" \"Service requests coming in from host(s) on the Intenet.\" \"Outbound\" \"Service requests going out to host(s) on the Internet.\" "
set __widgetArgs(masq__head3__export) "1"
set __widgetArgs(masq__frame2__entries) "frame1 line3"
set __widgetArgs(denyptp__frame1__export) "1"
set __widgetArgs(allowlocalhosts__hostIP__type) "entry"
set __widgetArgs(allowhosts__hostIP__default) ""
set __widgetArgs(masq__masquerade__export) "1"
set __widgetArgs(masq__masq_cuseeme__type) "checkbox"
set __widgetArgs(allowptp__allowservice__help) "Select a service from the list, or enter one in the form port\#(:port\#)/\[tcp|udp\]. For example, to allow HTTP requests, enter \"80/tcp\". See the file /etc/services (from which this list was generated) for a list of services with some comments, or consult your ISP."
set __widgetArgs(denyptp__localhostIP__textafter) ""
set __widgetArgs(allowptp__masquerade__export) "1"
set __widgetArgs(allowlocalhosts__line1__export) "1"
set __widgetArgs(masq__mframe2__entries) "mframe0 mframe1"
set __widgetArgs(allowlocalhosts__label5__textafter) "been enabled."
set __widgetArgs(allowservicesglobal__allowedservices__maxentries) "Inf"
set __widgetArgs(allowservicesglobal__allowservice__text) "Service to allow"
set __widgetArgs(masq__label1__textafter) "compiled into the kernel."
set __widgetArgs(allowhosts__direction__type) "radio"
set __widgetArgs(general__antispoof__export) "1"
set __widgetArgs(isp__line2__text) ""
set __widgetArgs(masq__defaultpolicy__text) "Default masquerade policy"
set __widgetArgs(denyhosts__hostnetmask__noedit) "1"
set __widgetArgs(denylocalhosts__label4__textafter) "compiled into the kernel."
set __widgetArgs(denyptp__label1__type) "label"
set __widgetArgs(denyhosts__frame3__orient) "top"
set __widgetArgs(general__label3a__textafter) ""
set __widgetArgs(masq__masq_vdolive__text) "Masquerade VDO Live (2.0.30+)"
set __widgetArgs(masq__servicesbyhost__entries) "servicebyhost"
set __widgetArgs(allowlocalhosts__frame2__export) "1"
set __widgetArgs(general__label4__type) "label"
set __widgetArgs(allowptp__hostnetmask__comboWidth) "0"
set __widgetArgs(denyservicesglobal__denyservice__comboWidth) "0"
set __widgetArgs(denyservicesglobal__direction__export) "1"
set __widgetArgs(denyptp__localhostIP__export) "1"
set __widgetArgs(denyptp__deniedhosts__lines) "0"
set __widgetArgs(isp__line1__text) ""
set __widgetArgs(denyhosts__frame5__help) "No Help"
set __widgetArgs(denyptp__frame3__orient) "top"
set __widgetArgs(denylocalhosts__line1__orient) "horizontal"
set __widgetArgs(denylocalhosts__denyservice__help) "Select a service from the list, or enter one in the form port\#(:port\#)/\[tcp|udp\]. For example, to deny HTTP requests, enter \"80/tcp\". See the file /etc/services (from which this list was generated) for a list of services with some comments, or consult your ISP."
set __widgetArgs(masq__label2__anchor) "center"
set __widgetArgs(allowptp__allowedhosts__noscissor) "0"
set __widgetArgs(denyhosts__hostIP__textafter) ""
set __widgetArgs(denyhosts__denyservice__default) ""
set __widgetArgs(allowservicesglobal__allowoutboundtcpallports__default) "0"
set __widgetArgs(allowlocalhosts__label6__textafter) "been detected."
set __widgetArgs(allowptp__frame1__entries) "hostIP hostnetmask"
set __widgetArgs(general__blockinettcp__export) "1"
set __widgetArgs(allowlocalhosts__head1__text) "Per-Local-Host Services Allowed"
set __widgetArgs(general__label3__type) "label"
set __widgetArgs(masq__label2__textafter) ""
set __widgetArgs(denylocalhosts__hostIP__help) "The name or unique IP address of a computer on the local network."
set __widgetArgs(denylocalhosts__hostIP__export) "1"
set __widgetArgs(denyhosts__deniedhosts__entries) "frame3"
set __widgetArgs(denylocalhosts__label5__textafter) "been enabled."
set __widgetArgs(masq__label5__export) "1"
set __widgetArgs(masq__frame2__type) "frame"
set __widgetArgs(denyhosts__frame4__help) "No Help"
set __widgetArgs(denyservicesglobal__deniedservices__index) ""
set __widgetArgs(general__label2__export) "1"
set __widgetArgs(allowhosts__label1__export) "1"
set __widgetArgs(allowlocalhosts__direction__entries) "Inbound Outbound"
set __widgetArgs(allowptp__allowservice__noedit) "0"
set __widgetArgs(denyptp__deniedhosts__orient) "left"
set __widgetArgs(allowservicesglobal__head1__type) "header"
set __widgetArgs(general__label3__comboWidth) "0"
set __widgetArgs(denylocalhosts__frame2__orient) "left"
set __widgetArgs(isp__ISPIP__orient) "left"
set __widgetArgs(general__label2__type) "label"
set __widgetArgs(allowptp__label1__help) "Firewall support must be compiled into the kernel. If it is not, then you must configure and build a new kernel; see the Kernel HOWTO for instructions."
set __widgetArgs(denyhosts__SMTPBlockListFile__export) "1"
set __widgetArgs(allowptp__hostIP__default) ""
set __widgetArgs(masq__frame1__type) "frame"
set __widgetArgs(denyhosts__frame3__help) "No Help"
set __widgetArgs(denylocalhosts__deniedhosts__noscissor) "0"
set __widgetArgs(isp__allow_192_net__default) "0"
set __widgetArgs(denyptp__frame1__entries) "hostIP hostnetmask"
set __widgetArgs(allowservicesglobal__allowservice__textafter) ""
set __widgetArgs(denyhosts__UseSMTPBlockList__export) "1"
set __widgetArgs(denyservicesglobal__deniedservices__type) "extentry"
set __widgetArgs(isp__allow_10_net__anchor) "center"
set __widgetArgs(denyptp__head1__text) "Point-to-Point Service Blocking"
set __widgetArgs(allowptp__line1__orient) "horizontal"
set __widgetArgs(allowservicesglobal__allowservice__export) "1"
set __widgetArgs(allowptp__direction__type) "radio"
set __widgetArgs(isp__label1__type) "label"
set __widgetArgs(denyhosts__UseHTTPBlockList__export) "1"
set __widgetArgs(isp__head2__help) "One way to provide secure access to the Internet is to assign your IP addresses from blocks of addresses reserved for private networks (see RFC1597). These addresses must not be transmitted over the Internet, so the Internet cannot be used to directly access hosts on your private network. This also means that your hosts cannot directly access the Internet.

 In order to access the Internet, a network with public IP addresses (assigned to you by the InterNIC) and proxy servers is placed between the Internet and your local network. A firewall is placed between this \"boundary network\" and the Internet, and another firewall is placed between the boundary network and your private network.

 The Internet firewall must block the Private Network IP addresses. The internal firewall must not, or your private hosts won't be able to communicate with the proxy servers on the boundary network."
set __widgetArgs(general__label1__type) "label"
set __widgetArgs(denyptp__deniedhosts__text) ""
set __widgetArgs(denylocalhosts__frame3__type) "frame"
set __widgetArgs(isp__allow_172_net__type) "checkbox"
set __widgetArgs(isp__label1__export) "1"
set __widgetArgs(masq__frame0__type) "frame"
set __widgetArgs(denyhosts__frame2__help) "No Help"
set __widgetArgs(allowhosts__label1__help) "Firewall support must be compiled into the kernel. If it is not, then you must configure and build a new kernel; see the Kernel HOWTO for instructions."
set __widgetArgs(denyptp__hostIP__help) "The name or unique IP address of a computer on the Internet, or a network address (to match all hosts on a particular network).
 WARNING: If you enter a name then that name should probably be in your /etc/hosts file. If you access the Internet via dialup there is no guarantee that the ipfwadm command will be able to look up the name using DNS."
set __widgetArgs(allowptp__allowedhosts__maxentries) "Inf"
set __widgetArgs(masq__line2__export) "1"
set __widgetArgs(allowservicesglobal__label1__export) "1"
set __widgetArgs(isp__head2__background) "gray"
set __widgetArgs(isp__head1__help) "How you obtain your Internet access."
set __widgetArgs(denyptp__hostIP__default) ""
set __widgetArgs(allowptp__allowedhosts__default) ""
set __widgetArgs(allowptp__allowedhosts__text) ""
set __widgetArgs(denyhosts__HTTPBlockListFile__orient) "left"
set __widgetArgs(denylocalhosts__frame2__type) "frame"
set __widgetArgs(isp__ISPIP__type) "entry"
set __widgetArgs(isp__connection_type__textafter) ""
set __widgetArgs(general__line1__default) ""
set __widgetArgs(masq__label4__textafter) "compiled into the kernel."
set __widgetArgs(isp__on_internet__text) "Connected to the Internet or acting as an internetwork firewall"
set __widgetArgs(general__head1__default) ""
set __widgetArgs(masq__masq_ftp__help) "Masquerade FTP file transfer traffic."
set __widgetArgs(denyhosts__frame1__help) "No Help"
set __widgetArgs(denyptp__direction__type) "radio"
set __widgetArgs(general__outboundtraceroute__text) "Allow outbound traceroute packets?"
set __widgetArgs(allowptp__direction__defaultIndex) "0"
set __widgetArgs(masq__servicesbyhost__lines) "0"
set __widgetArgs(allowservicesglobal__allowoutboundtcpwellknownports__anchor) "center"
set __widgetArgs(denylocalhosts__denyservice__entries) "\"tcpmux		1/tcp\" \"echo		7/tcp\" \"echo		7/udp\" \"discard		9/tcp\" \"discard		9/udp\" \"systat		11/tcp\" \"daytime		13/tcp\" \"daytime		13/udp\" \"netstat		15/tcp\" \"qotd		17/tcp\" \"chargen		19/tcp\" \"chargen		19/udp\" \"ftp		21/tcp\" \"telnet		23/tcp\" \"smtp		25/tcp\" \"time		37/tcp\" \"time		37/udp\" \"rlp		39/udp\" \"name		42/udp\" \"whois		43/tcp\" \"domain		53/tcp\" \"domain		53/udp\" \"mtp             57/tcp\" \"bootps		67/udp\" \"bootpc		68/udp\" \"tftp		69/udp\" \"gopher		70/tcp\" \"rje		77/tcp\" \"finger		79/tcp\" \"http		80/tcp\" \"www		80/tcp\" \"link		87/tcp\" \"kerberos	88/udp\" \"kerberos	88/tcp\" \"supdup		95/tcp\" \"hostnames	101/tcp\" \"x400		103/tcp\" \"pop		110/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/udp\" \"sunrpc		111/udp\" \"auth		113/tcp\" \"sftp		115/tcp\" \"nntp            119/tcp\" \"ntp		123/tcp\" \"ntp		123/udp\" \"imap 		143/tcp\" \"NeWS		144/tcp\" \"snmp		161/udp\" \"exec		512/tcp\" \"biff		512/udp\" \"login		513/tcp\" \"who		513/udp\" \"shell		514/tcp\" \"syslog		514/udp\" \"printer		515/tcp\" \"talk		517/udp\" \"ntalk		518/udp\" \"efs             520/tcp\" \"route		520/udp\" \"timed		525/udp\" \"tempo           526/tcp\" \"courier		530/tcp\" \"conference      531/tcp\" \"netnews         532/tcp\" \"netwall         533/udp\" \"uucp		540/tcp\" \"klogin		543/tcp\" \"kshell		544/tcp\" \"remotefs        556/tcp\" \"rmonitor	560/udp\" \"monitor		561/udp\" \"pcserver	600/tcp\" \"mount		635/udp\" \"pcnfs		640/udp\" \"bwnfs		650/udp\" \"kerberos_master	751/udp\" \"kerberos_master	751/tcp\" \"krb5_prop	754/tcp\" \"listen		1025/tcp\" \"nterm		1026/tcp\" \"kpop		1109/tcp\" \"ingreslock      1524/tcp\" \"tnet            1600/tcp\" \"cfinger		2003/tcp\" \"nfs		2049/udp\" \"eklogin		2105/tcp\" \"krb524		4444/tcp\" \"irc		6667/tcp\" \"dos		7000/tcp\" \"linuxconf	98/tcp\" \"Echo_Request 8/icmp\" \"Router_Advertisement 9/icmp\" \"Router_Solicitation 10/icmp\" \"Timestamp_Req 13/icmp\" \"Addr_Mask_Req 17/icmp\""
set __widgetArgs(denyptp__head1__export) "1"
set __widgetArgs(denylocalhosts__frame1__type) "frame"
set __widgetArgs(denyhosts__direction__count) "5"
set __widgetArgs(denyhosts__deniedhosts__index) ""
set __widgetArgs(allowlocalhosts__allowservice__help) "Select a service from the list, or enter one in the form port\#(:port\#)/\[tcp|udp\]. For example, to allow HTTP requests, enter \"80/tcp\". See the file /etc/services (from which this list was generated) for a list of services with some comments, or consult your ISP."
set __widgetArgs(allowlocalhosts__allowservice__export) "1"
set __widgetArgs(general__label4__anchor) "center"
set __widgetArgs(masq__frame0__orient) "top"
set __widgetArgs(allowhosts__hostIP__comboWidth) "0"
set __widgetArgs(denylocalhosts__denyservice__noedit) "0"
set __widgetArgs(general__inboundtraceroute__default) "0"
set __widgetArgs(masq__masqservices__type) "extentry"
set __widgetArgs(denyptp__frame3__type) "frame"
set __widgetArgs(denyhosts__head1__background) "gray"
set __widgetArgs(allowservicesglobal__allowedservices__default) ""
set __widgetArgs(general__classmask__default) "0"
set __widgetArgs(general__defaultpolicy__type) "radio"
set __widgetArgs(masq__label5__textafter) "be loaded."
set __widgetArgs(masq__mframe2__export) "1"
set __widgetArgs(masq__line3__help) "No Help"
set __widgetArgs(denylocalhosts__label1__export) "1"
set __widgetArgs(allowptp__frame1__export) "1"
set __widgetArgs(denylocalhosts__direction__text) ""
set __widgetArgs(denyptp__deniedhosts__default) ""
set __widgetArgs(allowlocalhosts__frame1__default) ""
set __widgetArgs(denyhosts__label1__type) "label"
set __widgetArgs(isp__allow_192_net__type) "checkbox"
set __widgetArgs(denyhosts__line1__default) ""
set __widgetArgs(allowlocalhosts__head1__export) "1"
set __widgetArgs(denyhosts__head1__default) ""
set __widgetArgs(allowhosts__allowedhosts__help) "No Help"
set __widgetArgs(allowhosts__hostnetmask__help) "If you entered the IP address or name for a specific host, select \"32: 255.255.255.255\" - this means that the address must match exactly for the packet to be accepted.
 If you entered a network address, or if you entered a host IP or name and want to match all of the hosts on the same network as that host, select the appropriate netmask for that network.
 WARNING: If you select \"0: 0.0.0.0\" then this rule will apply to *all* hosts on the Internet."
set __widgetArgs(denyptp__frame2__type) "frame"
set __widgetArgs(general__line2__text) ""
set __widgetArgs(masq__line2__help) "No Help"
set __widgetArgs(denyhosts__SMTPBlockListFile__type) "entry"
set __widgetArgs(masq__masqservice__noedit) "0"
set __widgetArgs(denylocalhosts__line1__text) ""
set __widgetArgs(denyptp__line1__default) ""
set __widgetArgs(allowhosts__allowservice__noedit) "0"
set __widgetArgs(masq__masq_irc__type) "checkbox"
set __widgetArgs(denyptp__head1__default) ""
set __widgetArgs(denyptp__hostnetmask__help) "If you entered the IP address or name for a specific host, select \"32: 255.255.255.255\" - this means that the address must match exactly for the packet to be accepted.
 If you entered a network address, or if you entered a host IP or name and want to match all of the hosts on the same network as that host, select the appropriate netmask for that network.
 WARNING: If you select \"0: 0.0.0.0\" then this rule will apply to *all* hosts on the Internet."
set __widgetArgs(denyptp__hostnetmask__entries) "	\" 0: 0.0.0.0\" \" 1: 128.0.0.0\" \" 2: 192.0.0.0\" \" 3: 224.0.0.0\" \" 4: 240.0.0.0\" \" 5: 248.0.0.0\" \" 6: 252.0.0.0\" \" 7: 254.0.0.0\" \" 8: 255.0.0.0\" \" 9: 255.128.0.0\" \"10: 255.192.0.0\" \"11: 255.224.0.0\" \"12: 255.240.0.0\" \"13: 255.248.0.0\" \"14: 255.252.0.0\" \"15: 255.254.0.0\" \"16: 255.255.0.0\" \"17: 255.255.128.0\" \"18: 255.255.192.0\" \"19: 255.255.224.0\" \"20: 255.255.240.0\" \"21: 255.255.248.0\" \"22: 255.255.252.0\" \"23: 255.255.254.0\" \"24: 255.255.255.0\" \"25: 255.255.255.128\" \"26: 255.255.255.192\" \"27: 255.255.255.224\" \"28: 255.255.255.240\" \"29: 255.255.255.248\" \"30: 255.255.255.252\" \"31: 255.255.255.254\" \"32: 255.255.255.255\" "
set __widgetArgs(masq__masqservices__count) "2"
set __widgetArgs(denyptp__frame1__type) "frame"
set __widgetArgs(allowptp__frame3__orient) "top"
set __widgetArgs(general__line1__text) ""
set __widgetArgs(masq__line1__help) "No Help"
set __widgetArgs(denyhosts__direction__export) "1"
set __widgetArgs(denylocalhosts__frame2__default) ""
set __widgetArgs(isp__ISPIP__default) ""
set __widgetArgs(allowptp__hostnetmask__entryhelp) ""
set __widgetArgs(isp__connection_type__default) "PPP (ppp0)"
set __widgetArgs(allowptp__frame3__help) "No Help"
set __widgetArgs(allowservicesglobal__direction__count) "5"
set __widgetArgs(masq__masqservice__count) "10"
set __widgetArgs(allowptp__hostnetmask__noedit) "1"
set __widgetArgs(allowptp__allowedhosts__lines) "0"
set __widgetArgs(isp__on_internet__export) "1"
set __widgetArgs(masq__masqservices__noscissor) "0"
set __widgetArgs(allowservicesglobal__allowoutboundtcpallports__help) "
If you don't wish to list the specific services you allow, you can check this box. This will allow users on the local network to initiate a connection to ANY service on ANY port. 

This option does not enable UDP traffic, which must be explicitly listed."
set __widgetArgs(allowptp__hostnetmask__help) "If you entered the IP address or name for a specific host, select \"32: 255.255.255.255\" - this means that the address must match exactly for the packet to be accepted.
 If you entered a network address, or if you entered a host IP or name and want to match all of the hosts on the same network as that host, select the appropriate netmask for that network. 
WARNING: If you select \"0: 0.0.0.0\" then this rule will apply to *all* hosts on the Internet."
set __widgetArgs(allowptp__allowservice__type) "combobox"
set __widgetArgs(allowptp__allowedhosts__orient) "left"
set __widgetArgs(allowlocalhosts__label6__default) "has not"
set __widgetArgs(allowhosts__line1__text) ""
set __widgetArgs(defaultinetpolicy__label1__export) "1"
set __widgetArgs(masq__hostallow__help) "Set the default policy for this host to \"Allow\"."
set __widgetArgs(allowptp__masquerade__text) "Masquerade"
set __widgetArgs(allowptp__frame2__help) "No Help"
set __widgetArgs(allowlocalhosts__label5__anchor) "center"
set __widgetArgs(allowservicesglobal__label1__textafter) "compiled into the kernel."
set __widgetArgs(general__defaultpolicy__count) "5"
set __widgetArgs(allowptp__localhostIP__comboWidth) "0"
set __widgetArgs(denyhosts__frame4__default) ""
set __widgetArgs(denylocalhosts__deniedhosts__index) ""
set __widgetArgs(allowhosts__frame3__help) "No Help"
set __widgetArgs(allowlocalhosts__allowservice__default) ""
set __widgetArgs(masq__masqservices__maxentries) "Inf"
set __widgetArgs(allowservicesglobal__direction__defaultIndex) "0"
set __widgetArgs(general__blockXftp__help) "If you allow FTP traffic through your firewall, it is possible for a poorly-administered system to send traffic from their FTP-data port (port 20) to your X Window server (port 6000:6005) and crash your X server. 

This will block traffic from the ftp-data port on Internet hosts to X servers on your local network. It may occasionally cause FTP transfers to fail if the FTP client happens to open an unused port in the range normally used by the X server."
set __widgetArgs(allowhosts__frame1__orient) "left"
set __widgetArgs(general__blockinettcp__text) "Default deny TCP traffic on the Internet interface?"
set __widgetArgs(allowptp__frame1__help) "No Help"
set __widgetArgs(allowlocalhosts__allowedhosts__text) ""
set __widgetArgs(denyhosts__hostIP__help) "The name or unique IP address of a computer on the Internet, or a network address (to match all hosts on a particular network).
 WARNING: If you enter a name then that name should probably be in your /etc/hosts file. If you access the Internet via dialup there is no guarantee that the ipfwadm command will be able to look up the name using DNS."
set __widgetArgs(denyhosts__frame5__type) "frame"
set __widgetArgs(allowservicesglobal__direction__help) "No Help"
set __widgetArgs(allowhosts__frame2__help) "No Help"
set __widgetArgs(masq__masqservice__help) "If the default masquerade policy is \"Allow\" then only the services listed here (if any) will be blocked. This may be overridden on a computer-by-computer basis.
 If the default masquerade policy is \"Block\" then only the services listed here (if any) will be allowed. This may be overridden on a computer-by-computer basis.
 Select a service from the list, or enter one in the form port\#(:port\#)/\[tcp|udp\]. For example, to block or allow HTTP requests, enter \"80/tcp\". See the file /etc/services (from which this list was generated) for a list of services with some comments, or consult your ISP."
set __widgetArgs(denylocalhosts__denyservice__type) "combobox"
set __widgetArgs(denylocalhosts__head1__help) "Services are things like Telnet for logins, SMTP for email, FTP for file transfer, HTTP for Webs, and so forth. Certain services you may want to provide even if your default policy is \"deny\", for example, HTTP to serve web pages."
set __widgetArgs(masq__masq_raudio__export) "1"
set __widgetArgs(denyhosts__head1__text) "Per-Internet-Host Service Blocking"
set __widgetArgs(denyhosts__UseHTTPBlockList__text) "Use HTTP Block List"
set __widgetArgs(masq__servicesbyhost__text) ""
set __widgetArgs(denylocalhosts__hostIP__type) "entry"
set __widgetArgs(allowlocalhosts__allowedhosts__entries) "frame3"
set __widgetArgs(masq__masq_quake__text) "Masquerade Quake (2.0.30+)"
set __widgetArgs(general__inboundtraceroute__text) "Allow inbound traceroute packets?"
set __widgetArgs(masq__head2__export) "1"
set __widgetArgs(general__head1__background) "gray"
set __widgetArgs(allowptp__direction__default) "Inbound"
set __widgetArgs(general__head1__help) "Settings that determine the general character of the firewall configuration."
set __widgetArgs(masq__servicesbyhost__noscissor) "0"
set __widgetArgs(denyhosts__hostIP__export) "1"
set __widgetArgs(denyhosts__frame4__type) "frame"
set __widgetArgs(allowptp__head1__text) "Point-to-Point Services Allowed"
set __widgetArgs(allowhosts__frame1__help) "No Help"
set __widgetArgs(allowservicesglobal__line1__help) "No Help"
set __widgetArgs(general__antispoof__text) "Enable anti-spoofing"
set __widgetArgs(allowlocalhosts__frame2__entries) "allowservice direction"
set __widgetArgs(masq__masq_ftp__default) "1"
set __widgetArgs(denyhosts__frame1__default) ""
set __widgetArgs(general__blockinetudp__help) "The default policy is Accept. If you wish to increase security by making \"Deny\" the default policy for UDP packets on the Internet interface *only*, check this box. You will then have to explicitly list the UDP traffic to allow over the Internet interface."
set __widgetArgs(denyptp__hostIP__export) "1"
set __widgetArgs(masq__label4__comboWidth) "0"
set __widgetArgs(allowptp__label1__type) "label"
set __widgetArgs(denyhosts__frame2__orient) "left"
set __widgetArgs(allowlocalhosts__frame1__export) "1"
set __widgetArgs(denyhosts__frame3__type) "frame"
set __widgetArgs(denyptp__hostIP__comboWidth) "0"
set __widgetArgs(allowhosts__head1__help) "Services are things like Telnet for logins, SMTP for email, FTP for file transfer, HTTP for Webs, and so forth. Certain services you may want to provide even if your default policy is \"deny\", for example, HTTP to serve web pages."
set __widgetArgs(allowptp__direction__entryhelp) " \"Inbound\" \"Service requests coming in from host(s) on the Internet.\" \"Outbound\" \"Service requests going out to host(s) on the Internet.\" "
set __widgetArgs(denyservicesglobal__denyservice__entries) "\"tcpmux		1/tcp\" \"echo		7/tcp\" \"echo		7/udp\" \"discard		9/tcp\" \"discard		9/udp\" \"systat		11/tcp\" \"daytime		13/tcp\" \"daytime		13/udp\" \"netstat		15/tcp\" \"qotd		17/tcp\" \"chargen		19/tcp\" \"chargen		19/udp\" \"ftp		21/tcp\" \"telnet		23/tcp\" \"smtp		25/tcp\" \"time		37/tcp\" \"time		37/udp\" \"rlp		39/udp\" \"name		42/udp\" \"whois		43/tcp\" \"domain		53/tcp\" \"domain		53/udp\" \"mtp             57/tcp\" \"bootps		67/udp\" \"bootpc		68/udp\" \"tftp		69/udp\" \"gopher		70/tcp\" \"rje		77/tcp\" \"finger		79/tcp\" \"http		80/tcp\" \"www		80/tcp\" \"link		87/tcp\" \"kerberos	88/udp\" \"kerberos	88/tcp\" \"supdup		95/tcp\" \"hostnames	101/tcp\" \"x400		103/tcp\" \"pop		110/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/udp\" \"sunrpc		111/udp\" \"auth		113/tcp\" \"sftp		115/tcp\" \"nntp            119/tcp\" \"ntp		123/tcp\" \"ntp		123/udp\" \"imap 		143/tcp\" \"NeWS		144/tcp\" \"snmp		161/udp\" \"exec		512/tcp\" \"biff		512/udp\" \"login		513/tcp\" \"who		513/udp\" \"shell		514/tcp\" \"syslog		514/udp\" \"printer		515/tcp\" \"talk		517/udp\" \"ntalk		518/udp\" \"efs             520/tcp\" \"route		520/udp\" \"timed		525/udp\" \"tempo           526/tcp\" \"courier		530/tcp\" \"conference      531/tcp\" \"netnews         532/tcp\" \"netwall         533/udp\" \"uucp		540/tcp\" \"klogin		543/tcp\" \"kshell		544/tcp\" \"remotefs        556/tcp\" \"rmonitor	560/udp\" \"monitor		561/udp\" \"pcserver	600/tcp\" \"mount		635/udp\" \"pcnfs		640/udp\" \"bwnfs		650/udp\" \"kerberos_master	751/udp\" \"kerberos_master	751/tcp\" \"krb5_prop	754/tcp\" \"listen		1025/tcp\" \"nterm		1026/tcp\" \"kpop		1109/tcp\" \"ingreslock      1524/tcp\" \"tnet            1600/tcp\" \"cfinger		2003/tcp\" \"nfs		2049/udp\" \"eklogin		2105/tcp\" \"krb524		4444/tcp\" \"irc		6667/tcp\" \"dos		7000/tcp\" \"linuxconf	98/tcp\" \"Echo_Request 8/icmp\" \"Router_Advertisement 9/icmp\" \"Router_Solicitation 10/icmp\" \"Timestamp_Req 13/icmp\" \"Addr_Mask_Req 17/icmp\""
set __widgetArgs(isp__head2__type) "header"
set __widgetArgs(denyptp__frame2__orient) "left"
set __widgetArgs(general__blockXall__help) "This will block all traffic from the Internet to X servers on your local network. It may occasionally cause other services (such as FTP and WWW requests) to fail if the client happens to open an unused port in the range normally used by the X server."
set __widgetArgs(denylocalhosts__label4__default) "is"
set __widgetArgs(masq__label1__anchor) "center"
set __widgetArgs(isp__line2__export) "1"
set __widgetArgs(denyhosts__frame2__type) "frame"
set __widgetArgs(allowhosts__frame1__default) ""
set __widgetArgs(masq__servicesbyhost__export) "1"
set __widgetArgs(allowhosts__label1__type) "label"
set __widgetArgs(denylocalhosts__frame3__entries) "frame1 frame2 line1"
set __widgetArgs(denyservicesglobal__head1__default) ""
set __widgetArgs(denyptp__hostIP__type) "entry"
set __widgetArgs(allowlocalhosts__label6__text) "A local network"
set __widgetArgs(general__blockXftp__anchor) "center"
set __widgetArgs(denyptp__denyservice__count) "10"
set __widgetArgs(allowservicesglobal__allowoutboundtcpwellknownports__default) "0"
set __widgetArgs(masq__label4__export) "1"
set __widgetArgs(allowservicesglobal__allowedservices__count) "10"
set __widgetArgs(allowlocalhosts__hostIP__textafter) ""
set __widgetArgs(isp__head1__type) "header"
set __widgetArgs(general__label1__export) "1"
set __widgetArgs(allowlocalhosts__frame3__orient) "top"
set __widgetArgs(denyservicesglobal__deniedservices__orient) "left"
set __widgetArgs(allowlocalhosts__allowedhosts__count) "5"
set __widgetArgs(allowlocalhosts__allowservice__entryhelp) ""
set __widgetArgs(general__label3a__text) "Internet"
set __widgetArgs(masq__masq_ftp__type) "checkbox"
set __widgetArgs(denyhosts__frame1__type) "frame"
set __widgetArgs(denyhosts__deniedhosts__text) ""
set __widgetArgs(allowhosts__label1__comboWidth) "0"
set __widgetArgs(denylocalhosts__frame1__orient) "left"
set __widgetArgs(allowptp__line1__default) ""
set __widgetArgs(allowhosts__allowedhosts__orient) "left"
set __widgetArgs(general__line2__export) "1"
set __widgetArgs(masq__masqsystem__export) "1"
set __widgetArgs(allowptp__head1__default) ""
set __widgetArgs(masq__frame2__default) ""
set __widgetArgs(allowlocalhosts__label5__text) "Masquerading"
set __widgetArgs(allowptp__localhostIP__orient) "left"
set __widgetArgs(masq__servicebyhost__entryhelp) ""
set __widgetArgs(masq__mframe2__default) ""
set __widgetArgs(allowhosts__line1__orient) "horizontal"
set __widgetArgs(allowservicesglobal__allowedservices__noscissor) "0"
set __widgetArgs(isp__line2__default) ""
set __widgetArgs(denyhosts__hostnetmask__count) "8"
set __widgetArgs(denyhosts__frame5__entries) "UseSMTPBlockList SMTPBlockListFile"
set __widgetArgs(denyhosts__frame5__export) "1"
set __widgetArgs(general__blockinetudp__export) "1"
set __widgetArgs(allowlocalhosts__allowservice__type) "combobox"
set __widgetArgs(isp__head2__default) ""
set __widgetArgs(allowservicesglobal__line1__orient) "horizontal"
set __widgetArgs(denyservicesglobal__direction__entries) "Inbound Outbound"
set __widgetArgs(denyservicesglobal__denyservice__entryhelp) ""
set __widgetArgs(denylocalhosts__label1__default) "is"
set __widgetArgs(allowlocalhosts__label4__text) "IP Forwarding support"
set __widgetArgs(general__label3a__export) "1"
set __widgetArgs(masq__servicesbyhost__default) ""
set __widgetArgs(denyservicesglobal__head1__text) "Global Service Blocking"
set __widgetArgs(masq__line3__type) "line"
set __widgetArgs(denylocalhosts__hostIP__textafter) ""
set __widgetArgs(allowptp__hostIP__help) "The name or unique IP address of a computer on the Internet, or a network address (to match all hosts on a particular network). 
WARNING: If you enter a name then that name should probably be in your /etc/hosts file. If you access the Internet via dialup there is no guarantee that the ipfwadm command will be able to look up the name using DNS. 

If you provide a file name here, the IP addresses and netmasks will be retrieved from that file at the time the firewall script is run. This allows you to modify the list of Internet hosts permitted to access your local network without having to regenerate the firewall script."
set __widgetArgs(allowptp__allowservice__comboWidth) "0"
set __widgetArgs(denyhosts__label1__export) "1"
set __widgetArgs(masq__line1__export) "1"
set __widgetArgs(denyptp__deniedhosts__count) "5"
set __widgetArgs(general__label4__comboWidth) "0"
set __widgetArgs(allowhosts__allowedhosts__type) "extentry"
set __widgetArgs(allowhosts__hostnetmask__type) "combobox"
set __widgetArgs(denyhosts__line1__orient) "horizontal"
set __widgetArgs(denylocalhosts__denyservice__textafter) ""
set __widgetArgs(masq__masq_raudio__text) "Masquerade RealAudio"
set __widgetArgs(allowptp__frame1__default) ""
set __widgetArgs(denyhosts__direction__entries) "Inbound Outbound"
set __widgetArgs(masq__line2__type) "line"
set __widgetArgs(masq__servicebyhost__export) "1"
set __widgetArgs(denyptp__label1__export) "1"
set __widgetArgs(denyhosts__deniedhosts__default) ""
set __widgetArgs(masq__masqservices__entries) "masqservice"
set __widgetArgs(masq__hostallow__anchor) "center"
set __widgetArgs(masq__masqlist__lines) "0"
set __widgetArgs(denyptp__deniedhosts__maxentries) "Inf"
set __widgetArgs(denyptp__hostnetmask__type) "combobox"
set __widgetArgs(allowhosts__hostIP__help) "The name or unique IP address of a computer on the Internet, or a network address (to match all hosts on a particular network).
 WARNING: If you enter a name then that name should probably be in your /etc/hosts file. If you access the Internet via dialup there is no guarantee that the ipfwadm command will be able to look up the name using DNS. 

If you provide a file name here, the IP addresses and netmasks will be retrieved from that file at the time the firewall script is run. This allows you to modify the list of Internet hosts permitted to access your local network without having to regenerate the firewall script."
set __widgetArgs(denyhosts__frame2__entries) "denyservice direction"
set __widgetArgs(allowlocalhosts__direction__default) "Inbound"
set __widgetArgs(masq__line3__default) ""
set __widgetArgs(masq__masqlist__entries) "frame2"
set __widgetArgs(denyptp__denyservice__text) "Service to block"
set __widgetArgs(denyservicesglobal__label1__text) "Firewall support"
set __widgetArgs(general__label3__anchor) "center"
set __widgetArgs(masq__head3__default) ""
set __widgetArgs(masq__line1__type) "line"
set __widgetArgs(masq__line3__orient) "horizontal"
set __widgetArgs(isp__internal_firewall__help) "Check this box if this system is a firewall between your private network and your boundary network, or between segments of your private network. This will allow you to suppress Private Network IP filtering so your Private Network hosts can communicate with your Boundary Network hosts."
set __widgetArgs(general__label4__default) "is"
set __widgetArgs(denyptp__denyservice__export) "1"
set __widgetArgs(denyhosts__HTTPBlockListFile__help) "The name of a file containing a list of IP addresses of computers or networks on the Internet where outgoing HTTP requests are to be blocked.

 IP addresses should be of the form xxx.xxx.xxx.xxx/nnn.nnn.nnn.nnn where nnn.nnn.nnn.nnn is the netmask, or xxx.xxx.xxx.xxx/nn where nn is the number of mask bits. See the \"Network Mask\" combo box for details.

 Only enter one IP address per line."
set __widgetArgs(allowptp__frame3__type) "frame"
set __widgetArgs(allowhosts__direction__entryhelp) " \"Inbound\" \"Service requests coming in from host(s) on the Internet.\" \"Outbound\" \"Service requests going out to host(s) on the Internet.\" "
set __widgetArgs(denyhosts__hostnetmask__entries) "	\" 0: 0.0.0.0\" \" 1: 128.0.0.0\" \" 2: 192.0.0.0\" \" 3: 224.0.0.0\" \" 4: 240.0.0.0\" \" 5: 248.0.0.0\" \" 6: 252.0.0.0\" \" 7: 254.0.0.0\" \" 8: 255.0.0.0\" \" 9: 255.128.0.0\" \"10: 255.192.0.0\" \"11: 255.224.0.0\" \"12: 255.240.0.0\" \"13: 255.248.0.0\" \"14: 255.252.0.0\" \"15: 255.254.0.0\" \"16: 255.255.0.0\" \"17: 255.255.128.0\" \"18: 255.255.192.0\" \"19: 255.255.224.0\" \"20: 255.255.240.0\" \"21: 255.255.248.0\" \"22: 255.255.252.0\" \"23: 255.255.254.0\" \"24: 255.255.255.0\" \"25: 255.255.255.128\" \"26: 255.255.255.192\" \"27: 255.255.255.224\" \"28: 255.255.255.240\" \"29: 255.255.255.248\" \"30: 255.255.255.252\" \"31: 255.255.255.254\" \"32: 255.255.255.255\" "
set __widgetArgs(masq__mframe1__export) "1"
set __widgetArgs(denyptp__frame1__default) ""
set __widgetArgs(allowservicesglobal__label1__help) "Firewall support must be compiled into the kernel. If it is not, then you must configure and build a new kernel; see the Kernel HOWTO for instructions."
set __widgetArgs(masq__masqsystem__text) "Computer to masquerade"
set __widgetArgs(defaultinetpolicy__label1__help) "No Help"
set __widgetArgs(allowlocalhosts__label4__comboWidth) "0"
set __widgetArgs(denylocalhosts__direction__entryhelp) " \"Inbound\" \"Service requests coming in from host(s) on the Intenet.\" \"Outbound\" \"Service requests going out to host(s) on the Internet.\" "
set __widgetArgs(allowservicesglobal__allowedservices__help) "No Help"
set __widgetArgs(allowlocalhosts__label1__text) "Firewall support"
set __widgetArgs(general__classmask__help) "Your local network is a Private-Address network, and you have subnetted it. This means that rules are being generated only for the subnet that your firewall is directly attached to. This can lead to incomplete support of hosts on other subnets of your local network. 

If you check this checkbox, the rules will for be the entire Private-Address space. 

For example, if your local network is 10.1.0.0/255.255.0.0, hosts on the 10.2.0.0 subnet may have problems getting through the firewall. Checking this checkbox will make the local network rules test 10.0.0.0/255.0.0.0 instead of 10.1.0.0/255.255.0.0"
set __widgetArgs(masq__defaultpolicy__export) "1"
set __widgetArgs(allowhosts__direction__count) "5"
set __widgetArgs(denyhosts__hostnetmask__help) "If you entered the IP address or name for a specific host, select \"32: 255.255.255.255\" - this means that the address must match exactly for the packet to be accepted.
 If you entered a network address, or if you entered a host IP or name and want to match all of the hosts on the same network as that host, select the appropriate netmask for that network.
 WARNING: If you select \"0: 0.0.0.0\" then this rule will apply to *all* hosts on the Internet."
set __widgetArgs(allowptp__localhostIP__textafter) ""
set __widgetArgs(allowservicesglobal__allowoutboundtcpallports__type) "checkbox"
set __widgetArgs(allowlocalhosts__head1__background) "gray"
set __widgetArgs(denylocalhosts__deniedhosts__maxentries) "Inf"
set __widgetArgs(allowptp__hostnetmask__type) "combobox"
set __widgetArgs(allowservicesglobal__direction__entries) "Inbound Outbound"
set __widgetArgs(allowhosts__frame2__entries) "allowservice direction"
set __widgetArgs(masq__masqservice__entries) "\"tcpmux		1/tcp\" \"echo		7/tcp\" \"echo		7/udp\" \"discard		9/tcp\" \"discard		9/udp\" \"systat		11/tcp\" \"daytime		13/tcp\" \"daytime		13/udp\" \"netstat		15/tcp\" \"qotd		17/tcp\" \"chargen		19/tcp\" \"chargen		19/udp\" \"ftp		21/tcp\" \"telnet		23/tcp\" \"smtp		25/tcp\" \"time		37/tcp\" \"time		37/udp\" \"rlp		39/udp\" \"name		42/udp\" \"whois		43/tcp\" \"domain		53/tcp\" \"domain		53/udp\" \"mtp             57/tcp\" \"bootps		67/udp\" \"bootpc		68/udp\" \"tftp		69/udp\" \"gopher		70/tcp\" \"rje		77/tcp\" \"finger		79/tcp\" \"http		80/tcp\" \"www		80/tcp\" \"link		87/tcp\" \"kerberos	88/udp\" \"kerberos	88/tcp\" \"supdup		95/tcp\" \"hostnames	101/tcp\" \"x400		103/tcp\" \"pop		110/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/udp\" \"sunrpc		111/udp\" \"auth		113/tcp\" \"sftp		115/tcp\" \"nntp            119/tcp\" \"ntp		123/tcp\" \"ntp		123/udp\" \"imap 		143/tcp\" \"NeWS		144/tcp\" \"snmp		161/udp\" \"exec		512/tcp\" \"biff		512/udp\" \"login		513/tcp\" \"who		513/udp\" \"shell		514/tcp\" \"syslog		514/udp\" \"printer		515/tcp\" \"talk		517/udp\" \"ntalk		518/udp\" \"efs             520/tcp\" \"route		520/udp\" \"timed		525/udp\" \"tempo           526/tcp\" \"courier		530/tcp\" \"conference      531/tcp\" \"netnews         532/tcp\" \"netwall         533/udp\" \"uucp		540/tcp\" \"klogin		543/tcp\" \"kshell		544/tcp\" \"remotefs        556/tcp\" \"rmonitor	560/udp\" \"monitor		561/udp\" \"pcserver	600/tcp\" \"mount		635/udp\" \"pcnfs		640/udp\" \"bwnfs		650/udp\" \"kerberos_master	751/udp\" \"kerberos_master	751/tcp\" \"krb5_prop	754/tcp\" \"listen		1025/tcp\" \"nterm		1026/tcp\" \"kpop		1109/tcp\" \"ingreslock      1524/tcp\" \"tnet            1600/tcp\" \"cfinger		2003/tcp\" \"nfs		2049/udp\" \"eklogin		2105/tcp\" \"krb524		4444/tcp\" \"irc		6667/tcp\" \"dos		7000/tcp\" \"linuxconf	98/tcp\" \"Echo_Request 8/icmp\" \"Router_Advertisement 9/icmp\" \"Router_Solicitation 10/icmp\" \"Timestamp_Req 13/icmp\" \"Addr_Mask_Req 17/icmp\""
set __widgetArgs(isp__connection_type__anchor) "center"
set __widgetArgs(masq__mframe2__text) ""
set __widgetArgs(masq__hostallow__type) "checkbox"
set __widgetArgs(allowptp__frame2__type) "frame"
set __widgetArgs(allowptp__hostIP__export) "1"
set __widgetArgs(masq__masq_irc__default) "0"
set __widgetArgs(masq__masquerade__default) "0"
set __widgetArgs(allowservicesglobal__allowoutboundtcpwellknownports__text) "Allow outbound TCP to well-known ports?"
set __widgetArgs(allowhosts__frame3__type) "frame"
set __widgetArgs(masq__masqlist__orient) "left"
set __widgetArgs(allowservicesglobal__allowedservices__export) "1"
set __widgetArgs(general__classmask__export) "1"
set __widgetArgs(masq__label4__default) "is"
set __widgetArgs(general__blockXftp__type) "checkbox"
set __widgetArgs(denylocalhosts__deniedhosts__orient) "left"
set __widgetArgs(general__defaultpolicy__defaultIndex) "0"
set __widgetArgs(masq__mframe1__text) ""
set __widgetArgs(allowptp__masquerade__default) "0"
set __widgetArgs(allowptp__frame1__type) "frame"
set __widgetArgs(allowptp__frame2__orient) "left"
set __widgetArgs(denyhosts__hostIP__type) "entry"
set __widgetArgs(denyhosts__denyservice__comboWidth) "0"
set __widgetArgs(general__label1__default) "is"
set __widgetArgs(allowservicesglobal__direction__type) "radio"
set __widgetArgs(allowhosts__frame2__type) "frame"
set __widgetArgs(masq__masqservice__type) "combobox"
set __widgetArgs(masq__servicesbyhost__count) "2"
set __widgetArgs(denyptp__hostnetmask__noedit) "1"
set __widgetArgs(allowlocalhosts__line1__text) ""
set __widgetArgs(allowlocalhosts__line1__default) ""
set __widgetArgs(masq__frame2__export) "1"
set __widgetArgs(denylocalhosts__head1__type) "header"
set __widgetArgs(allowhosts__allowservice__entries) "\"tcpmux		1/tcp\" \"echo		7/tcp\" \"echo		7/udp\" \"discard		9/tcp\" \"discard		9/udp\" \"systat		11/tcp\" \"daytime		13/tcp\" \"daytime		13/udp\" \"netstat		15/tcp\" \"qotd		17/tcp\" \"chargen		19/tcp\" \"chargen		19/udp\" \"ftp		21/tcp\" \"telnet		23/tcp\" \"smtp		25/tcp\" \"time		37/tcp\" \"time		37/udp\" \"rlp		39/udp\" \"name		42/udp\" \"whois		43/tcp\" \"domain		53/tcp\" \"domain		53/udp\" \"mtp             57/tcp\" \"bootps		67/udp\" \"bootpc		68/udp\" \"tftp		69/udp\" \"gopher		70/tcp\" \"rje		77/tcp\" \"finger		79/tcp\" \"http		80/tcp\" \"www		80/tcp\" \"link		87/tcp\" \"kerberos	88/udp\" \"kerberos	88/tcp\" \"supdup		95/tcp\" \"hostnames	101/tcp\" \"x400		103/tcp\" \"pop		110/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/udp\" \"sunrpc		111/udp\" \"auth		113/tcp\" \"sftp		115/tcp\" \"nntp            119/tcp\" \"ntp		123/tcp\" \"ntp		123/udp\" \"imap 		143/tcp\" \"NeWS		144/tcp\" \"snmp		161/udp\" \"exec		512/tcp\" \"biff		512/udp\" \"login		513/tcp\" \"who		513/udp\" \"shell		514/tcp\" \"syslog		514/udp\" \"printer		515/tcp\" \"talk		517/udp\" \"ntalk		518/udp\" \"efs             520/tcp\" \"route		520/udp\" \"timed		525/udp\" \"tempo           526/tcp\" \"courier		530/tcp\" \"conference      531/tcp\" \"netnews         532/tcp\" \"netwall         533/udp\" \"uucp		540/tcp\" \"klogin		543/tcp\" \"kshell		544/tcp\" \"remotefs        556/tcp\" \"rmonitor	560/udp\" \"monitor		561/udp\" \"pcserver	600/tcp\" \"mount		635/udp\" \"pcnfs		640/udp\" \"bwnfs		650/udp\" \"kerberos_master	751/udp\" \"kerberos_master	751/tcp\" \"krb5_prop	754/tcp\" \"listen		1025/tcp\" \"nterm		1026/tcp\" \"kpop		1109/tcp\" \"ingreslock      1524/tcp\" \"tnet            1600/tcp\" \"cfinger		2003/tcp\" \"nfs		2049/udp\" \"eklogin		2105/tcp\" \"krb524		4444/tcp\" \"irc		6667/tcp\" \"dos		7000/tcp\" \"linuxconf	98/tcp\" \"Echo_Request 8/icmp\" \"Router_Advertisement 9/icmp\" \"Router_Solicitation 10/icmp\" \"Timestamp_Req 13/icmp\" \"Addr_Mask_Req 17/icmp\""
set __widgetArgs(denylocalhosts__denyservice__default) ""
set __widgetArgs(isp__head2__export) "1"
set __widgetArgs(allowlocalhosts__head1__default) ""
set __widgetArgs(masq__masquerade__help) "Enable configuration of IP Masquerading.
This will set the default policy for forwarding to DENY for security reasons."
set __widgetArgs(denyhosts__deniedhosts__export) "1"
set __widgetArgs(allowlocalhosts__direction__export) "1"
set __widgetArgs(denylocalhosts__direction__entries) "Inbound Outbound"
set __widgetArgs(masq__mframe0__text) ""
set __widgetArgs(denylocalhosts__head1__background) "gray"
set __widgetArgs(denylocalhosts__deniedhosts__entries) "frame3"
set __widgetArgs(denyservicesglobal__denyservice__noedit) "0"
set __widgetArgs(denyservicesglobal__denyservice__text) "Service to block"
set __widgetArgs(general__head1__type) "header"
set __widgetArgs(allowlocalhosts__direction__count) "5"
set __widgetArgs(denyptp__label1__comboWidth) "0"
set __widgetArgs(allowhosts__frame1__type) "frame"
set __widgetArgs(isp__connection_type__help) "There are several ways to connect your computer to the Internet.

 If you're lucky, you have a direct connection over Ethernet (perhaps via an ISDN router, Frame Relay router, or some other high-speed link). If this is the case, your firewall really should be set up so that the Ethernet is on a different network adapter than your local network. This allows you to isolate your local network and control access much more easily. Having multiple network adapters in one computer is called \"Multihoming\".

 Otherwise, you probably have a dialup connection (perhaps via an ISDN modem) using PPP. If this is the case, you must consider the following factors:
 1. Do you establish the connection manually or do you use the Diald demand-dialer?
 Using Diald causes some extra configuration for proper handling of masquerading. This is handled automatically if you select one of the Diald options.
 2. Do you have users connecting to the firewall system via PPP?
 If you do, your PPP link is not guaranteed to use the ppp0 network device. PPP network devices are allocated on an on-demand basis. Depending on the mix of inbound and outbound traffic, your Internet connection might be on ppp0 once, then on ppp1 the next time. If you have any inbound PPP connections, select one of the \"ip-up\" PPP options."
set __widgetArgs(allowservicesglobal__line1__type) "line"
set __widgetArgs(denyptp__denyservice__entryhelp) ""
set __widgetArgs(isp__ISPIP__comboWidth) "0"
set __widgetArgs(masq__servicebyhost__text) "Block/Allow"
set __widgetArgs(allowlocalhosts__label4__anchor) "center"
set __widgetArgs(general__blockinetudp__type) "checkbox"
set __widgetArgs(allowhosts__allowservice__text) "Service to allow"
set __widgetArgs(allowlocalhosts__allowedhosts__export) "1"
set __widgetArgs(masq__label1__default) ""
set __widgetArgs(denyptp__line1__text) ""
set __widgetArgs(allowptp__frame2__entries) "allowservice direction masquerade"
set __widgetArgs(masq__masqservice__textafter) ""
set __widgetArgs(allowservicesglobal__allowservice__help) "Select a service from the list, or enter one in the form port\#(:port\#)/\[tcp|udp\]. For example, to allow inbound HTTP requests, enter \"80/tcp\". See the file /etc/services (from which this list was generated) for a list of services with some comments, or consult your ISP. 
Note: access to these services will be allowed for ALL hosts on the Internet. See \"Allow Hosts\" to limit access to specific hosts only."
set __widgetArgs(allowhosts__head1__type) "header"
set __widgetArgs(denyptp__hostnetmask__comboWidth) "0"
set __widgetArgs(isp__line2__help) "No Help"
set __widgetArgs(masq__frame0__entries) "masqsystem hostallow"
set __widgetArgs(masq__defaultpolicy__help) "If you wish to masquerade all local hosts unless explicitly blocked, select \"Allow\". If you wish to masquerade only certain hosts, select \"Block\"."
set __widgetArgs(denylocalhosts__label5__export) "1"
set __widgetArgs(denyhosts__SMTPBlockListFile__textafter) ""
set __widgetArgs(general__blockXall__type) "checkbox"
set __widgetArgs(masq__mframe0__entries) "masq_cuseeme masq_ftp masq_irc"
set __widgetArgs(masq__masq_vdolive__help) "Masquerade VDO Live traffic."
set __widgetArgs(denylocalhosts__direction__export) "1"
set __widgetArgs(denyservicesglobal__label1__export) "1"
set __widgetArgs(allowhosts__hostIP__orient) "left"
set __widgetArgs(denyptp__hostnetmask__default) ""
set __widgetArgs(isp__line1__help) "No Help"
set __widgetArgs(general__antispoof__default) "1"
set __widgetArgs(masq__head1__export) "1"
set __widgetArgs(denyptp__frame2__entries) "denyservice direction"
set __widgetArgs(allowhosts__allowedhosts__lines) "0"
set __widgetArgs(allowhosts__hostnetmask__noedit) "1"
set __widgetArgs(masq__label5__text) "Masquerade support modules"
set __widgetArgs(denyptp__line1__orient) "horizontal"
set __widgetArgs(allowptp__label1__export) "1"
set __widgetArgs(allowlocalhosts__head1__help) "Services are things like Telnet for logins, SMTP for email, FTP for file transfer, HTTP for Webs, and so forth. Certain services you may want to provide even if your default policy is \"deny\", for example, HTTP to serve web pages."
set __widgetArgs(allowptp__allowedhosts__count) "5"
set __widgetArgs(allowlocalhosts__frame3__text) ""
set __widgetArgs(general__outboundtraceroute__export) "1"
set __widgetArgs(allowptp__allowservice__entryhelp) ""
set __widgetArgs(denyhosts__frame1__orient) "left"
set __widgetArgs(masq__masq_quake__default) "0"
set __widgetArgs(masq__label4__text) "IP Forwarding support"
set __widgetArgs(denyhosts__denyservice__entryhelp) ""
set __widgetArgs(allowhosts__frame3__export) "1"
set __widgetArgs(denyptp__frame1__orient) "left"
set __widgetArgs(allowlocalhosts__hostIP__export) "1"
set __widgetArgs(masq__masq_cuseeme__export) "1"
set __widgetArgs(allowlocalhosts__frame2__text) ""
set __widgetArgs(allowlocalhosts__line1__orient) "horizontal"
set __widgetArgs(general__line2__default) ""
set __widgetArgs(masq__head1__background) "gray"
set __widgetArgs(isp__line1__export) "1"
set __widgetArgs(denyptp__head1__help) "Services are things like Telnet for logins, SMTP for email, FTP for file transfer, HTTP for Webs, and so forth. Certain services you may want to provide even if your default policy is \"deny\", for example, HTTP to serve web pages."
set __widgetArgs(allowlocalhosts__direction__text) ""
set __widgetArgs(allowptp__hostIP__comboWidth) "0"
set __widgetArgs(allowptp__hostIP__type) "entry"
set __widgetArgs(general__defaultpolicy__entries) "Deny Accept"
set __widgetArgs(denyhosts__HTTPBlockListFile__default) "/etc/HTTP-blocklist"
set __widgetArgs(masq__masqsystem__default) ""
set __widgetArgs(denyptp__deniedhosts__help) "No Help"
set __widgetArgs(denyservicesglobal__direction__entryhelp) " \"Inbound\" \"Service requests coming in from the Intenet.\" \"Outbound\" \"Service requests going out to the Internet.\" "
set __widgetArgs(allowlocalhosts__frame2__orient) "left"
set __widgetArgs(allowlocalhosts__frame1__text) ""
set __widgetArgs(denylocalhosts__label5__text) "Masquerading"
set __widgetArgs(isp__allow_192_net__export) "1"
set __widgetArgs(masq__label5__comboWidth) "0"
set __widgetArgs(denyptp__localhostIP__orient) "left"
set __widgetArgs(general__blockXftp__default) "0"
set __widgetArgs(allowlocalhosts__allowedhosts__default) ""
set __widgetArgs(general__line1__export) "1"
set __widgetArgs(masq__label2__text) "A local network"
set __widgetArgs(denyptp__direction__defaultIndex) "0"
set __widgetArgs(allowlocalhosts__allowservice__count) "10"
set __widgetArgs(masq__masqlist__text) ""
set __widgetArgs(allowptp__allowedhosts__help) "No Help"
set __widgetArgs(allowhosts__hostIP__type) "entry"
set __widgetArgs(isp__on_internet__help) "Uncheck this box if this system is a standalone server on your private network or boundary network or is otherwise not directly connected to the Internet.

 The firewall will protect this server only, and certain Internet-specific features (i.e. anti-spoofing, Private Network IP filtering and Masquerading) will not be generated."
set __widgetArgs(denyhosts__frame4__export) "1"
set __widgetArgs(denylocalhosts__hostIP__orient) "left"
set __widgetArgs(denyptp__hostnetmask__textafter) ""
set __widgetArgs(allowlocalhosts__frame2__default) ""
set __widgetArgs(denylocalhosts__label4__text) "IP Forwarding support"
set __widgetArgs(general__outboundtraceroute__help) "Traceroute sends UDP packets to (hopefully) unused UDP ports. If you're blocking UDP traffic then traceroute won't work.

This option allows outbound UDP packets to the port range traceroute defaults to using (33434-33523). 

If traceroute on your system uses a different UDP port range, you'll have to manually edit the generated file."
set __widgetArgs(masq__masquerade__anchor) "center"
set __widgetArgs(isp__allow_10_net__text) "Allow 10-net traffic through."
set __widgetArgs(isp__internal_firewall__type) "checkbox"
set __widgetArgs(masq__label1__text) "IP Masquerade support"
set __widgetArgs(denyhosts__HTTPBlockListFile__type) "entry"
set __widgetArgs(denyservicesglobal__direction__text) ""
set __widgetArgs(denyptp__localhostIP__text) "Local Host"
set __widgetArgs(general__antispoof__anchor) "center"
set __widgetArgs(allowservicesglobal__label1__type) "label"
set __widgetArgs(defaultinetpolicy__label1__type) "label"
set __widgetArgs(masq__masqservices__index) ""
set __widgetArgs(allowservicesglobal__allowedservices__type) "extentry"
set __widgetArgs(denylocalhosts__direction__defaultIndex) "0"
set __widgetArgs(general__classmask__type) "checkbox"
set __widgetArgs(denyservicesglobal__denyservice__default) ""
set __widgetArgs(masq__masq_irc__export) "1"
set __widgetArgs(denyhosts__hostnetmask__type) "combobox"
set __widgetArgs(denyhosts__SMTPBlockListFile__orient) "left"
set __widgetArgs(denyhosts__denyservice__text) "Service to deny"
set __widgetArgs(allowhosts__hostnetmask__textafter) ""
set __widgetArgs(masq__masq_quake__export) "1"
set __widgetArgs(denylocalhosts__direction__help) "No Help"
set __widgetArgs(denylocalhosts__frame3__default) ""
set __widgetArgs(isp__allow_172_net__default) "0"
set __widgetArgs(masq__defaultpolicy__entryhelp) " \"Allow\" \"Unless explicitly blocked, services will be masqueraded.\" \"Block\" \"Unless explicitly enabled, services will not be masqueraded.\" "
set __widgetArgs(allowptp__localhostIP__text) "Local Host"
set __widgetArgs(denylocalhosts__deniedhosts__text) ""
set __widgetArgs(denylocalhosts__frame3__export) "1"
set __widgetArgs(isp__allow_172_net__export) "1"
set __widgetArgs(isp__label1__textafter) ""
set __widgetArgs(masq__head3__text) "Computers to Masquerade"
set __widgetArgs(general__defaultpolicy__entryhelp) "\"Deny\" \"Unless explicitly accepted, packets will be discarded.\" \"Accept\" \"Unless explicitly blocked, packets will be accepted. (see below)\" "
set __widgetArgs(allowservicesglobal__allowservice__entryhelp) ""
set __widgetArgs(general__line2__help) "No Help"
set __widgetArgs(masq__label5__anchor) "center"
set __widgetArgs(masq__masqservices__export) "1"
set __widgetArgs(general__label2__anchor) "center"
set __widgetArgs(allowhosts__label1__anchor) "center"
set __widgetArgs(masq__defaultpolicy__defaultIndex) "0"
set __widgetArgs(denyhosts__hostnetmask__export) "1"
set __widgetArgs(masq__line2__orient) "horizontal"
set __widgetArgs(allowlocalhosts__label1__export) "1"
set __widgetArgs(denylocalhosts__line1__help) "No Help"
set __widgetArgs(denyhosts__line1__text) ""
set __widgetArgs(denylocalhosts__label1__text) "Firewall support"
set __widgetArgs(masq__head2__text) "Services to Masquerade"
set __widgetArgs(masq__masquerade__type) "checkbox"
set __widgetArgs(masq__mframe0__export) "1"
set __widgetArgs(masq__servicebyhost__entries) "\"tcpmux		1/tcp\" \"echo		7/tcp\" \"echo		7/udp\" \"discard		9/tcp\" \"discard		9/udp\" \"systat		11/tcp\" \"daytime		13/tcp\" \"daytime		13/udp\" \"netstat		15/tcp\" \"qotd		17/tcp\" \"chargen		19/tcp\" \"chargen		19/udp\" \"ftp		21/tcp\" \"telnet		23/tcp\" \"smtp		25/tcp\" \"time		37/tcp\" \"time		37/udp\" \"rlp		39/udp\" \"name		42/udp\" \"whois		43/tcp\" \"domain		53/tcp\" \"domain		53/udp\" \"mtp             57/tcp\" \"bootps		67/udp\" \"bootpc		68/udp\" \"tftp		69/udp\" \"gopher		70/tcp\" \"rje		77/tcp\" \"finger		79/tcp\" \"http		80/tcp\" \"www		80/tcp\" \"link		87/tcp\" \"kerberos	88/udp\" \"kerberos	88/tcp\" \"supdup		95/tcp\" \"hostnames	101/tcp\" \"x400		103/tcp\" \"pop		110/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/tcp\" \"sunrpc		111/udp\" \"sunrpc		111/udp\" \"auth		113/tcp\" \"sftp		115/tcp\" \"nntp            119/tcp\" \"ntp		123/tcp\" \"ntp		123/udp\" \"imap 		143/tcp\" \"NeWS		144/tcp\" \"snmp		161/udp\" \"exec		512/tcp\" \"biff		512/udp\" \"login		513/tcp\" \"who		513/udp\" \"shell		514/tcp\" \"syslog		514/udp\" \"printer		515/tcp\" \"talk		517/udp\" \"ntalk		518/udp\" \"efs             520/tcp\" \"route		520/udp\" \"timed		525/udp\" \"tempo           526/tcp\" \"courier		530/tcp\" \"conference      531/tcp\" \"netnews         532/tcp\" \"netwall         533/udp\" \"uucp		540/tcp\" \"klogin		543/tcp\" \"kshell		544/tcp\" \"remotefs        556/tcp\" \"rmonitor	560/udp\" \"monitor		561/udp\" \"pcserver	600/tcp\" \"mount		635/udp\" \"pcnfs		640/udp\" \"bwnfs		650/udp\" \"kerberos_master	751/udp\" \"kerberos_master	751/tcp\" \"krb5_prop	754/tcp\" \"listen		1025/tcp\" \"nterm		1026/tcp\" \"kpop		1109/tcp\" \"ingreslock      1524/tcp\" \"tnet            1600/tcp\" \"cfinger		2003/tcp\" \"nfs		2049/udp\" \"eklogin		2105/tcp\" \"krb524		4444/tcp\" \"irc		6667/tcp\" \"dos		7000/tcp\" \"linuxconf	98/tcp\" \"Echo_Request 8/icmp\" \"Router_Advertisement 9/icmp\" \"Router_Solicitation 10/icmp\" \"Timestamp_Req 13/icmp\" \"Addr_Mask_Req 17/icmp\""
set __widgetArgs(denyhosts__frame5__default) ""
set __widgetArgs(general__line1__help) "No Help"
set __widgetArgs(allowptp__line1__text) ""
set __widgetArgs(denyhosts__hostnetmask__textafter) ""
set __widgetArgs(denyservicesglobal__direction__default) "Inbound"
set __widgetArgs(denyptp__localhostIP__default) ""
set __widgetArgs(denyservicesglobal__deniedservices__lines) "0"
set __widgetArgs(denyhosts__UseSMTPBlockList__text) "Use SMTP Block List"
set __widgetArgs(allowhosts__allowservice__textafter) ""
set __widgetArgs(isp__connection_type__type) "menu"
set __widgetArgs(general__blockinetudp__default) "1"
set __widgetArgs(denyhosts__direction__text) ""
set __widgetArgs(isp__connection_type__entryhelp) " \"PPP (ppp0)\" \"Point-to-Point Protocol, permanently up or manually dialed. Dynamic IP address. No other PPP traffic.\" \"PPP + diald (sl0, ppp0)\" \"Demand-dialed PPP using the diald daemon. Dynamic IP address. No other PPP traffic.\" \"PPP (ip-up)\" \"Modem or ISDN Point-to-Point Protocol, permanently up or manually dialed. Dynamic or static IP address (as determined by pppd configuration). There may be other PPP traffic.\" \"PPP + diald (sl0, ip-up)\" \"Demand-dialed Modem or ISDN PPP using the diald daemon. Dynamic or static IP address (as determined by pppd configuration). There may be other PPP traffic.\" \"Static PPP (ppp0)\" \"Point-to-Point Protocol, permanently up or manually dialed. Static IP address. No other PPP traffic.\" \"Static PPP + diald (sl0, ppp0)\" \"Demand-dialed PPP using the diald daemon. Static IP address. No other PPP traffic.\" \"Multihomed Ethernet\" \"Local network on one ethernet device, the Internet on another. If you choose this option you may have to edit main.template in the module sources.\" \"ISDN PPP (ippp0)\" \"ISDN Point-to-Point Protocol, permanently up or manually dialed. Dynamic IP address. No other PPP traffic.\" \"ISDN PPP + diald (sl0, ippp0)\" \"Demand-dialed ISDN PPP using the diald daemon. Dynamic IP address. No other PPP traffic.\" \"Static ISDN PPP (ippp0)\" \"ISDN Point-to-Point Protocol, permanently up or manually dialed. Static IP address. No other PPP traffic.\" \"Static ISDN PPP + diald (sl0, ippp0)\" \"Demand-dialed ISDN PPP using the diald daemon. Static IP address. No other PPP traffic.\" \"Static SLIP (sl0)\" \"Serial Link IP, permanently up or manually dialed. Static IP address. No other SLIP traffic.\" \"Static SLIP + diald (sl0, sl1)\" \"Demand-dialed Serial Link IP using the diald daemon. Static IP address. No other SLIP traffic.\" "
set __widgetArgs(masq__head1__text) "IP Masquerade settings"
set __widgetArgs(denyptp__localhostIP__comboWidth) "0"
set __widgetArgs(isp__label1__anchor) "center"
set __widgetArgs(allowlocalhosts__hostIP__comboWidth) "0"
set __widgetArgs(allowhosts__line1__help) "No Help"
set __widgetArgs(allowptp__masquerade__help) "You may want to masquerade certain outbound traffic on the internal firewall of your boundary network, for example if you wish someone on your private network to be able to retrieve mail via POP from a system on the Internet. Check this checkbox to masquerade this traffic. 

Note: this can introduce security holes. Use with caution."
set __widgetArgs(masq__mframe2__orient) "left"
set __widgetArgs(allowptp__allowservice__export) "1"
set __widgetArgs(allowservicesglobal__allowservice__type) "combobox"
set __widgetArgs(allowptp__hostnetmask__entries) "	\" 0: 0.0.0.0\" \" 1: 128.0.0.0\" \" 2: 192.0.0.0\" \" 3: 224.0.0.0\" \" 4: 240.0.0.0\" \" 5: 248.0.0.0\" \" 6: 252.0.0.0\" \" 7: 254.0.0.0\" \" 8: 255.0.0.0\" \" 9: 255.128.0.0\" \"10: 255.192.0.0\" \"11: 255.224.0.0\" \"12: 255.240.0.0\" \"13: 255.248.0.0\" \"14: 255.252.0.0\" \"15: 255.254.0.0\" \"16: 255.255.0.0\" \"17: 255.255.128.0\" \"18: 255.255.192.0\" \"19: 255.255.224.0\" \"20: 255.255.240.0\" \"21: 255.255.248.0\" \"22: 255.255.252.0\" \"23: 255.255.254.0\" \"24: 255.255.255.0\" \"25: 255.255.255.128\" \"26: 255.255.255.192\" \"27: 255.255.255.224\" \"28: 255.255.255.240\" \"29: 255.255.255.248\" \"30: 255.255.255.252\" \"31: 255.255.255.254\" \"32: 255.255.255.255\" "
set __widgetArgs(allowlocalhosts__hostIP__text) "Local Host"
set __widgetArgs(masq__masq_cuseeme__text) "Masquerade CU-SeeMe (2.0.30+)"
set __widgetArgs(masq__servicesbyhost__maxentries) "Inf"
set __widgetArgs(denyhosts__direction__default) "Inbound"
set __widgetArgs(allowservicesglobal__label1__anchor) "center"
set __widgetArgs(isp__line2__type) "line"
set __widgetArgs(allowptp__frame1__orient) "left"
set __widgetArgs(masq__defaultpolicy__type) "radio"
set __widgetArgs(allowlocalhosts__label4__default) "is"
set __widgetArgs(general__blockXall__export) "1"
set __widgetArgs(masq__masqservices__default) ""
set __widgetArgs(denyhosts__denyservice__noedit) "0"
set __widgetArgs(allowhosts__direction__text) ""
set __widgetArgs(masq__masq_vdolive__type) "checkbox"
set __widgetArgs(allowlocalhosts__label5__comboWidth) "0"
set __widgetArgs(masq__frame1__export) "1"
set __widgetArgs(isp__head1__export) "1"
set __widgetArgs(general__blockinettcp__help) "The default policy is Accept. If you wish to increase security by making \"Deny\" the default policy for TCP packets on the Internet interface *only*, check this box. You will then have to explicitly list the TCP traffic to allow over the Internet interface."
set __widgetArgs(masq__masq_vdolive__default) "0"
set __widgetArgs(masq__masqlist__count) "2"
set __widgetArgs(denyptp__label1__text) "Firewall support"
set __widgetArgs(allowlocalhosts__frame3__entries) "frame1 frame2 line1"
set __widgetArgs(denyhosts__frame2__default) ""
set __widgetArgs(allowlocalhosts__allowedhosts__help) "No Help"
set __widgetArgs(masq__masqlist__default) ""
set __widgetArgs(isp__line1__type) "line"
set __widgetArgs(general__label4__text) "IP Forwarding support"
set __widgetArgs(isp__internal_firewall__export) "1"
set __widgetArgs(denyservicesglobal__deniedservices__entries) "denyservice direction"
set __widgetArgs(allowservicesglobal__allowoutboundtcpallports__export) "1"
set __widgetArgs(denyhosts__head1__help) "Services are things like Telnet for logins, SMTP for email, FTP for file transfer, HTTP for Webs, and so forth. Certain services you may want to provide even if your default policy is \"deny\", for example, HTTP to serve web pages."
set __widgetArgs(denyhosts__UseHTTPBlockList__help) "Rather than entering HTTP sites to block in this screen individually and regenerating your firewall file every time you change the list, you can put the list of addresses in a separate file and have the firewall process that file every time it runs.

 Outgoing HTTP requests to each IP address in that file will be blocked.

 You can use this to easily block those irritating ad-banner sites, pornography sites, or whatever."
set __widgetArgs(denyhosts__hostnetmask__default) ""
set __widgetArgs(allowlocalhosts__head1__type) "header"
set __widgetArgs(allowhosts__label1__textafter) "compiled into the kernel."
set __widgetArgs(masq__servicesbyhost__help) "Services to block or allow."
set __widgetArgs(allowhosts__hostnetmask__comboWidth) "0"
set __widgetArgs(general__head1__export) "1"
set __widgetArgs(masq__masq_quake__help) "Masquerade Quake network gaming traffic."
set __widgetArgs(general__inboundtraceroute__help) "Traceroute sends UDP packets to (hopefully) unused UDP ports. If you're blocking UDP traffic then traceroute won't work.

This option allows inbound UDP packets to the port range traceroute defaults to using (33434-33523). 

You probably shouldn't allow this unless you are trying to troubleshoot a problem, and then only for as long as you're troubleshooting - then turn it back off."
set __widgetArgs(general__inboundtraceroute__export) "1"
set __widgetArgs(denylocalhosts__label5__default) "has not"
set __widgetArgs(general__label3__text) "Local network"
set __widgetArgs(masq__mframe2__anchor) "center"
set __widgetArgs(allowptp__head1__help) "Services are things like Telnet for logins, SMTP for email, FTP for file transfer, HTTP for Webs, and so forth. Certain services you may want to provide even if your default policy is \"deny\", for example, HTTP to serve web pages."
set __widgetArgs(allowservicesglobal__allowedservices__index) ""
set __widgetArgs(denylocalhosts__label1__anchor) "center"
set __widgetArgs(allowservicesglobal__direction__default) "Inbound"
set __widgetArgs(allowhosts__frame2__default) ""
set __widgetArgs(general__antispoof__help) "\"Spoofing\" is when someone alters a packet they are sending over the Internet to your network so that it appears to have come from your local network rather than from the Internet. This can make them appear to be on your local network even though they aren't. 

If you enable anti-spoofing, the firewall will discard any packet that comes in from the Internet with its source address set to an address on your local net. 

You do not need to set this option if your local network uses one of the networks reserved for private use by RFC1597, as rules to block those addresses from the Internet are always generated."
set __widgetArgs(masq__masqservice__default) ""
set __widgetArgs(allowlocalhosts__label6__export) "1"
set __widgetArgs(masq__label1__comboWidth) "0"
############################################################
# __parent
############################################################
set __parent(general__label4) "top"
set __parent(masq__mframe0) "mframe2"
set __parent(general__blockXftp) "top"
set __parent(masq__mframe1) "mframe2"
set __parent(denyhosts__head1) "top"
set __parent(allowptp__hostnetmask) "frame1"
set __parent(isp__allow_192_net) "top"
set __parent(masq__mframe2) "top"
set __parent(denylocalhosts__label1) "top"
set __parent(denyptp__line1) "frame3"
set __parent(denyservicesglobal__denyservice) "deniedservices"
set __parent(denylocalhosts__deniedhosts) "top"
set __parent(allowptp__frame1) "frame3"
set __parent(general__line1) "top"
set __parent(masq__defaultpolicy) "top"
set __parent(denylocalhosts__label4) "top"
set __parent(allowptp__frame2) "frame3"
set __parent(general__line2) "top"
set __parent(denylocalhosts__label5) "top"
set __parent(allowptp__frame3) "allowedhosts"
set __parent(masq__masqsystem) "frame0"
set __parent(denyhosts__SMTPBlockListFile) "frame5"
set __parent(allowptp__direction) "frame2"
set __parent(denylocalhosts__direction) "frame2"
set __parent(denyhosts__frame1) "frame3"
set __parent(masq__masq_ftp) "mframe0"
set __parent(denyservicesglobal__label1) "top"
set __parent(allowlocalhosts__head1) "top"
set __parent(denyhosts__frame2) "frame3"
set __parent(denylocalhosts__head1) "top"
set __parent(denyhosts__frame3) "deniedhosts"
set __parent(masq__masq_raudio) "mframe1"
set __parent(denyservicesglobal__head1) "top"
set __parent(denyhosts__frame4) "top"
set __parent(denyhosts__HTTPBlockListFile) "frame4"
set __parent(denyhosts__frame5) "top"
set __parent(denyhosts__UseSMTPBlockList) "frame5"
set __parent(denyhosts__line1) "frame3"
set __parent(allowptp__hostIP) "frame1"
set __parent(general__blockinetudp) "top"
set __parent(allowservicesglobal__allowservice) "allowedservices"
set __parent(denylocalhosts__denyservice) "frame2"
set __parent(denyhosts__UseHTTPBlockList) "frame4"
set __parent(isp__connection_type) "top"
set __parent(masq__head1) "top"
set __parent(masq__head2) "top"
set __parent(masq__head3) "top"
set __parent(allowservicesglobal__allowedservices) "top"
set __parent(denyhosts__hostIP) "frame1"
set __parent(denyptp__frame1) "frame3"
set __parent(general__classmask) "top"
set __parent(denyptp__frame2) "frame3"
set __parent(isp__allow_10_net) "top"
set __parent(denyptp__frame3) "deniedhosts"
set __parent(general__label3a) "top"
set __parent(masq__masquerade) "top"
set __parent(allowptp__masquerade) "frame2"
set __parent(allowptp__allowservice) "frame2"
set __parent(allowlocalhosts__line1) "frame3"
set __parent(allowptp__allowedhosts) "top"
set __parent(allowptp__label1) "top"
set __parent(masq__masq_vdolive) "mframe1"
set __parent(denylocalhosts__line1) "frame3"
set __parent(isp__label1) "top"
set __parent(general__antispoof) "top"
set __parent(masq__masq_irc) "mframe0"
set __parent(denyhosts__direction) "frame2"
set __parent(denyhosts__label1) "top"
set __parent(general__blockXall) "top"
set __parent(denyptp__hostIP) "frame1"
set __parent(masq__line1) "top"
set __parent(general__outboundtraceroute) "top"
set __parent(masq__line2) "top"
set __parent(allowservicesglobal__label1) "top"
set __parent(masq__frame0) "frame1"
set __parent(masq__line3) "frame2"
set __parent(masq__frame1) "frame2"
set __parent(allowlocalhosts__frame1) "frame3"
set __parent(masq__frame2) "masqlist"
set __parent(isp__head1) "top"
set __parent(allowlocalhosts__frame2) "frame3"
set __parent(isp__head2) "top"
set __parent(allowlocalhosts__frame3) "allowedhosts"
set __parent(allowhosts__direction) "frame2"
set __parent(denyservicesglobal__deniedservices) "top"
set __parent(masq__masq_quake) "mframe1"
set __parent(allowhosts__head1) "top"
set __parent(denyhosts__deniedhosts) "top"
set __parent(general__defaultpolicy) "top"
set __parent(allowlocalhosts__direction) "frame2"
set __parent(allowhosts__frame1) "frame3"
set __parent(masq__servicebyhost) "servicesbyhost"
set __parent(allowservicesglobal__direction) "allowedservices"
set __parent(allowhosts__frame2) "frame3"
set __parent(denyptp__label1) "top"
set __parent(masq__masqservice) "masqservices"
set __parent(denyservicesglobal__direction) "deniedservices"
set __parent(allowhosts__frame3) "allowedhosts"
set __parent(allowptp__head1) "top"
set __parent(denyptp__deniedhosts) "top"
set __parent(denyptp__localhostIP) "frame3"
set __parent(isp__internal_firewall) "top"
set __parent(allowservicesglobal__head1) "top"
set __parent(allowhosts__allowservice) "frame2"
set __parent(denylocalhosts__frame1) "frame3"
set __parent(allowhosts__allowedhosts) "top"
set __parent(allowhosts__hostnetmask) "frame1"
set __parent(denylocalhosts__frame2) "frame3"
set __parent(isp__on_internet) "top"
set __parent(isp__ISPIP) "top"
set __parent(allowlocalhosts__hostIP) "frame1"
set __parent(denylocalhosts__frame3) "deniedhosts"
set __parent(isp__allow_172_net) "top"
set __parent(masq__masq_cuseeme) "mframe0"
set __parent(allowservicesglobal__allowoutboundtcpallports) "top"
set __parent(allowptp__localhostIP) "frame3"
set __parent(denyptp__direction) "frame2"
set __parent(isp__line1) "top"
set __parent(defaultinetpolicy__label1) "top"
set __parent(isp__line2) "top"
set __parent(allowhosts__hostIP) "frame1"
set __parent(denyptp__head1) "top"
set __parent(masq__servicesbyhost) "frame1"
set __parent(masq__hostallow) "frame0"
set __parent(masq__masqservices) "top"
set __parent(general__blockinettcp) "top"
set __parent(allowhosts__line1) "frame3"
set __parent(general__head1) "top"
set __parent(denyhosts__denyservice) "frame2"
set __parent(denyhosts__hostnetmask) "frame1"
set __parent(allowservicesglobal__allowoutboundtcpwellknownports) "top"
set __parent(allowlocalhosts__allowservice) "frame2"
set __parent(denylocalhosts__hostIP) "frame1"
set __parent(general__inboundtraceroute) "top"
set __parent(masq__label1) "top"
set __parent(allowlocalhosts__allowedhosts) "top"
set __parent(allowlocalhosts__label1) "top"
set __parent(allowptp__line1) "frame3"
set __parent(masq__label2) "top"
set __parent(allowservicesglobal__line1) "top"
set __parent(denyptp__denyservice) "frame2"
set __parent(denyptp__hostnetmask) "frame1"
set __parent(masq__label4) "top"
set __parent(allowlocalhosts__label4) "top"
set __parent(general__label1) "top"
set __parent(masq__label5) "top"
set __parent(allowlocalhosts__label5) "top"
set __parent(masq__masqlist) "top"
set __parent(general__label2) "top"
set __parent(allowlocalhosts__label6) "top"
set __parent(allowhosts__label1) "top"
set __parent(general__label3) "top"
############################################################
# __TKargs
############################################################
set __TKargs(denylocalhosts__label4__button) ""
set __TKargs(allowhosts__allowservice__packLabel) ""
set __TKargs(allowhosts__hostIP__packFrame) ""
set __TKargs(denylocalhosts__label4__labelAfter) ""
set __TKargs(isp__allow_172_net__frame) ""
set __TKargs(denylocalhosts__frame3__frame) ""
set __TKargs(denylocalhosts__denyservice__button) ""
set __TKargs(allowhosts__label1__packButton) ""
set __TKargs(masq__label2__packLabelAfter) ""
set __TKargs(denyptp__hostIP__packFrame) ""
set __TKargs(denyptp__hostnetmask__packLabelAfter) ""
set __TKargs(allowservicesglobal__label1__labelBefore) ""
set __TKargs(denylocalhosts__denyservice__frame) ""
set __TKargs(denylocalhosts__label5__label) ""
set __TKargs(allowlocalhosts__label6__packLabelAfter) ""
set __TKargs(allowhosts__allowservice__frame) ""
set __TKargs(general__label4__packFrame) " -anchor center"
set __TKargs(general__label3a__labelAfter) ""
set __TKargs(masq__masqservices__scrollbar) ""
set __TKargs(isp__internal_firewall__checkbutton) ""
set __TKargs(denyptp__label1__labelBefore) ""
set __TKargs(denylocalhosts__line1__frame) ""
set __TKargs(general__label1__labelAfter) ""
set __TKargs(isp__head1__packLabel) ""
set __TKargs(masq__masq_vdolive__frame) ""
set __TKargs(allowhosts__direction__packRadio) ""
set __TKargs(masq__frame0__frame) ""
set __TKargs(allowhosts__allowedhosts__scrollbarFrame) ""
set __TKargs(masq__masqservice__button) ""
set __TKargs(allowlocalhosts__label5__frame) ""
set __TKargs(denylocalhosts__direction__packRadio) ""
set __TKargs(allowhosts__direction__packFrame) ""
set __TKargs(allowptp__hostIP__packFrame) ""
set __TKargs(allowptp__frame3__frame) ""
set __TKargs(allowhosts__allowservice__button) ""
set __TKargs(allowservicesglobal__allowoutboundtcpwellknownports__packFrame) " -anchor center"
set __TKargs(isp__internal_firewall__pack) ""
set __TKargs(denyptp__deniedhosts__line) ""
set __TKargs(allowptp__allowservice__packButton) ""
set __TKargs(denylocalhosts__direction__packFrame) ""
set __TKargs(allowhosts__label1__packLabel) ""
set __TKargs(general__label3a__packLabelAfter) ""
set __TKargs(masq__label2__label) ""
set __TKargs(general__blockXall__checkbutton) ""
set __TKargs(general__label4__packButton) ""
set __TKargs(general__classmask__pack) ""
set __TKargs(masq__label2__button) ""
set __TKargs(allowptp__localhostIP__frame) ""
set __TKargs(masq__masqservices__packSubFrame) ""
set __TKargs(denyptp__label1__packLabel) ""
set __TKargs(allowptp__allowedhosts__line) ""
set __TKargs(allowlocalhosts__label1__labelAfter) ""
set __TKargs(isp__head2__packLabel) ""
set __TKargs(isp__label1__labelAfter) ""
set __TKargs(allowptp__hostnetmask__button) ""
set __TKargs(denylocalhosts__deniedhosts__frame) ""
set __TKargs(masq__servicesbyhost__scrollbar) ""
set __TKargs(allowlocalhosts__label1__packFrame) " -anchor center"
set __TKargs(denyhosts__direction__packSubFrame) ""
set __TKargs(denyptp__localhostIP__packLabelAfter) ""
set __TKargs(denyptp__line1__frame) ""
set __TKargs(masq__head3__frame) ""
set __TKargs(allowptp__allowedhosts__packScrollbarFrame) ""
set __TKargs(masq__masqsystem__packFrame) ""
set __TKargs(denylocalhosts__hostIP__frame) ""
set __TKargs(masq__masqservice__labelAfter) ""
set __TKargs(general__label3__label) ""
set __TKargs(allowlocalhosts__label4__packButton) ""
set __TKargs(allowptp__label1__packLabel) ""
set __TKargs(denyhosts__UseSMTPBlockList__packFrame) ""
set __TKargs(allowhosts__label1__labelBefore) ""
set __TKargs(denyhosts__deniedhosts__packScrollbar) ""
set __TKargs(general__label1__packLabelAfter) ""
set __TKargs(masq__masqlist__label) ""
set __TKargs(allowlocalhosts__allowedhosts__subFrame) ""
set __TKargs(masq__masquerade__pack) ""
set __TKargs(denyptp__denyservice__packFrame) ""
set __TKargs(allowlocalhosts__allowedhosts__packLine) ""
set __TKargs(masq__head1__packLabel) ""
set __TKargs(allowptp__allowedhosts__packFrame) ""
set __TKargs(denylocalhosts__label1__packFrame) " -anchor center"
set __TKargs(denyhosts__direction__packLabel) ""
set __TKargs(masq__masqsystem__labelAfter) ""
set __TKargs(isp__ISPIP__button) ""
set __TKargs(allowptp__hostIP__frame) ""
set __TKargs(allowptp__allowservice__entry) ""
set __TKargs(denyhosts__denyservice__packButton) ""
set __TKargs(masq__masqlist__packScrollbarFrame) ""
set __TKargs(allowlocalhosts__direction__packSubFrame) ""
set __TKargs(allowlocalhosts__label4__packLabelBefore) ""
set __TKargs(allowptp__allowservice__packLabelAfter) ""
set __TKargs(denyservicesglobal__label1__packLabel) ""
set __TKargs(isp__line2__pack) ""
set __TKargs(isp__line1__frame) ""
set __TKargs(general__defaultpolicy__subFrame) ""
set __TKargs(general__line1__frame) ""
set __TKargs(masq__masq_vdolive__pack) ""
set __TKargs(denyhosts__frame4__frame) ""
set __TKargs(allowservicesglobal__allowedservices__scrollbar) ""
set __TKargs(general__blockXall__packFrame) " -anchor center"
set __TKargs(masq__head2__packLabel) ""
set __TKargs(general__label4__button) ""
set __TKargs(denyhosts__deniedhosts__packSubFrame) ""
set __TKargs(denyptp__label1__packButton) ""
set __TKargs(denylocalhosts__deniedhosts__packFrame) ""
set __TKargs(isp__allow_172_net__checkbutton) ""
set __TKargs(isp__line1__pack) ""
set __TKargs(isp__ISPIP__packButton) ""
set __TKargs(allowservicesglobal__allowoutboundtcpallports__frame) ""
set __TKargs(denyptp__head1__packFrame) ""
set __TKargs(isp__ISPIP__packLabelAfter) ""
set __TKargs(denyhosts__HTTPBlockListFile__button) ""
set __TKargs(allowptp__allowservice__packFrame) ""
set __TKargs(denyhosts__SMTPBlockListFile__labelAfter) ""
set __TKargs(allowptp__hostnetmask__frame) ""
set __TKargs(denyptp__hostnetmask__packButton) ""
set __TKargs(allowlocalhosts__label4__packFrame) " -anchor center"
set __TKargs(allowhosts__hostnetmask__entry) ""
set __TKargs(isp__ISPIP__frame) ""
set __TKargs(denyhosts__denyservice__packFrame) ""
set __TKargs(denylocalhosts__frame2__frame) ""
set __TKargs(denyptp__deniedhosts__packLabel) ""
set __TKargs(masq__head3__packLabel) ""
set __TKargs(allowservicesglobal__direction__subFrame) ""
set __TKargs(denyhosts__hostIP__labelAfter) ""
set __TKargs(allowptp__allowservice__label) ""
set __TKargs(allowlocalhosts__allowedhosts__line) ""
set __TKargs(denylocalhosts__label4__label) ""
set __TKargs(denyptp__direction__subFrame) ""
set __TKargs(allowlocalhosts__label6__labelAfter) ""
set __TKargs(denyservicesglobal__direction__packRadio) ""
set __TKargs(general__blockinetudp__checkbutton) ""
set __TKargs(denyservicesglobal__deniedservices__subFrame) ""
set __TKargs(denyservicesglobal__head1__packLabel) ""
set __TKargs(masq__servicesbyhost__line) ""
set __TKargs(denyservicesglobal__direction__packFrame) ""
set __TKargs(denyptp__localhostIP__entry) ""
set __TKargs(denyptp__localhostIP__packFrame) ""
set __TKargs(allowlocalhosts__label5__packFrame) " -anchor center"
set __TKargs(masq__hostallow__frame) ""
set __TKargs(denyhosts__label1__packLabelBefore) ""
set __TKargs(masq__label1__packFrame) " -anchor center"
set __TKargs(denyhosts__line1__frame) ""
set __TKargs(denyservicesglobal__deniedservices__packLine) ""
set __TKargs(allowlocalhosts__label4__frame) ""
set __TKargs(denylocalhosts__label4__packFrame) " -anchor center"
set __TKargs(allowptp__frame2__frame) ""
set __TKargs(general__label3a__packFrame) " -anchor center"
set __TKargs(denyptp__direction__radio) ""
set __TKargs(denyptp__direction__frame) ""
set __TKargs(general__blockinettcp__checkbutton) ""
set __TKargs(denyservicesglobal__head1__frame) ""
set __TKargs(masq__label1__label) ""
set __TKargs(allowlocalhosts__label5__button) ""
set __TKargs(denylocalhosts__deniedhosts__scrollbarFrame) ""
set __TKargs(masq__label2__labelAfter) ""
set __TKargs(isp__on_internet__pack) ""
set __TKargs(allowhosts__hostnetmask__label) ""
set __TKargs(allowhosts__allowedhosts__label) ""
set __TKargs(denyhosts__hostIP__packFrame) ""
set __TKargs(allowlocalhosts__label6__packFrame) " -anchor center"
set __TKargs(isp__allow_10_net__checkbutton) ""
set __TKargs(general__label3__packLabelBefore) ""
set __TKargs(general__outboundtraceroute__pack) ""
set __TKargs(isp__connection_type__label) ""
set __TKargs(allowptp__hostIP__packButton) ""
set __TKargs(masq__label2__packFrame) " -anchor center"
set __TKargs(denylocalhosts__label1__frame) ""
set __TKargs(allowlocalhosts__head1__frame) ""
set __TKargs(denyhosts__deniedhosts__packLabel) ""
set __TKargs(denylocalhosts__label5__packFrame) " -anchor center"
set __TKargs(allowptp__hostnetmask__packEntry) ""
set __TKargs(isp__allow_192_net__packFrame) " -anchor center"
set __TKargs(denylocalhosts__head1__packLabel) ""
set __TKargs(allowservicesglobal__allowedservices__scrollbarFrame) ""
set __TKargs(allowservicesglobal__head1__label) " -background gray"
set __TKargs(masq__head2__frame) ""
set __TKargs(masq__label5__packButton) ""
set __TKargs(masq__defaultpolicy__packRadio) ""
set __TKargs(denyservicesglobal__direction__label) ""
set __TKargs(allowlocalhosts__label1__packLabelBefore) ""
set __TKargs(denyptp__localhostIP__label) ""
set __TKargs(allowhosts__direction__subFrame) ""
set __TKargs(masq__masqlist__packLabel) ""
set __TKargs(denyservicesglobal__deniedservices__packScrollbarFrame) ""
set __TKargs(general__label2__label) ""
set __TKargs(general__defaultpolicy__packRadio) ""
set __TKargs(masq__defaultpolicy__packFrame) " -anchor center"
set __TKargs(denyhosts__deniedhosts__line) ""
set __TKargs(denylocalhosts__label5__labelBefore) ""
set __TKargs(general__defaultpolicy__packFrame) " -fill x"
set __TKargs(denylocalhosts__hostIP__labelAfter) ""
set __TKargs(allowservicesglobal__allowservice__packFrame) ""
set __TKargs(masq__masqservices__packFrame) " -anchor center"
set __TKargs(masq__masqsystem__packLabelAfter) ""
set __TKargs(allowservicesglobal__allowoutboundtcpallports__packFrame) " -anchor center"
set __TKargs(general__line2__pack) ""
set __TKargs(allowptp__label1__frame) ""
set __TKargs(denyhosts__label1__packLabel) ""
set __TKargs(allowhosts__frame3__frame) ""
set __TKargs(denylocalhosts__label5__labelAfter) ""
set __TKargs(masq__masquerade__checkbutton) ""
set __TKargs(denylocalhosts__line1__pack) ""
set __TKargs(masq__label5__packLabelBefore) ""
set __TKargs(isp__ISPIP__packEntry) ""
set __TKargs(denylocalhosts__label4__labelBefore) ""
set __TKargs(allowservicesglobal__allowedservices__subFrame) ""
set __TKargs(general__line1__pack) ""
set __TKargs(masq__label1__button) ""
set __TKargs(isp__connection_type__packFrame) " -anchor center"
set __TKargs(masq__label4__packFrame) " -anchor center"
set __TKargs(denyptp__hostnetmask__button) ""
set __TKargs(allowptp__hostnetmask__packLabel) ""
set __TKargs(denyhosts__hostnetmask__labelAfter) ""
set __TKargs(general__blockXftp__checkbutton) ""
set __TKargs(denylocalhosts__direction__label) ""
set __TKargs(allowservicesglobal__allowedservices__packLine) ""
set __TKargs(denyptp__hostnetmask__entry) ""
set __TKargs(denyservicesglobal__denyservice__entry) ""
set __TKargs(denyservicesglobal__denyservice__button) ""
set __TKargs(general__label2__labelAfter) ""
set __TKargs(denyhosts__frame3__frame) ""
set __TKargs(masq__masq_quake__packFrame) ""
set __TKargs(general__outboundtraceroute__checkbutton) ""
set __TKargs(allowptp__line1__frame) ""
set __TKargs(allowhosts__line1__pack) ""
set __TKargs(masq__servicesbyhost__packFrame) ""
set __TKargs(allowhosts__allowservice__packLabelAfter) ""
set __TKargs(allowptp__masquerade__pack) ""
set __TKargs(denylocalhosts__label5__packLabelBefore) ""
set __TKargs(denyhosts__head1__packFrame) ""
set __TKargs(denyservicesglobal__label1__labelAfter) ""
set __TKargs(allowptp__direction__packSubFrame) ""
set __TKargs(allowlocalhosts__label6__label) ""
set __TKargs(masq__label5__packFrame) " -anchor center"
set __TKargs(denyhosts__hostnetmask__packLabelAfter) ""
set __TKargs(denyhosts__denyservice__entry) ""
set __TKargs(allowptp__head1__packLabel) ""
set __TKargs(general__blockXftp__frame) ""
set __TKargs(masq__label4__packLabelAfter) ""
set __TKargs(general__blockinettcp__pack) ""
set __TKargs(denylocalhosts__frame1__frame) ""
set __TKargs(allowhosts__line1__frame) ""
set __TKargs(allowlocalhosts__allowservice__labelAfter) ""
set __TKargs(allowservicesglobal__allowservice__entry) ""
set __TKargs(denyptp__denyservice__labelAfter) ""
set __TKargs(isp__ISPIP__packLabel) ""
set __TKargs(denyptp__localhostIP__packButton) ""
set __TKargs(general__blockinettcp__packFrame) ""
set __TKargs(denyhosts__label1__labelAfter) ""
set __TKargs(denyhosts__UseHTTPBlockList__pack) ""
set __TKargs(allowlocalhosts__hostIP__packButton) ""
set __TKargs(masq__masq_quake__pack) ""
set __TKargs(general__inboundtraceroute__pack) ""
set __TKargs(denylocalhosts__deniedhosts__packSubFrame) ""
set __TKargs(allowhosts__hostIP__frame) ""
set __TKargs(denyptp__deniedhosts__subFrame) ""
set __TKargs(allowlocalhosts__allowservice__packEntry) ""
set __TKargs(denyptp__hostnetmask__label) ""
set __TKargs(allowhosts__hostnetmask__button) ""
set __TKargs(denyservicesglobal__denyservice__label) ""
set __TKargs(masq__servicesbyhost__scrollbarFrame) ""
set __TKargs(allowptp__masquerade__frame) ""
set __TKargs(denylocalhosts__denyservice__packLabelAfter) ""
set __TKargs(general__antispoof__pack) ""
set __TKargs(allowptp__localhostIP__button) ""
set __TKargs(denyservicesglobal__deniedservices__label) ""
set __TKargs(masq__label5__frame) ""
set __TKargs(allowhosts__allowservice__labelAfter) ""
set __TKargs(allowlocalhosts__allowedhosts__packLabel) ""
set __TKargs(allowlocalhosts__label5__packButton) ""
set __TKargs(denyhosts__UseSMTPBlockList__frame) ""
set __TKargs(masq__servicebyhost__packEntry) ""
set __TKargs(denyptp__deniedhosts__packLine) ""
set __TKargs(isp__label1__packLabelAfter) ""
set __TKargs(masq__servicebyhost__entry) ""
set __TKargs(masq__masqlist__scrollbarFrame) ""
set __TKargs(denylocalhosts__denyservice__labelAfter) ""
set __TKargs(defaultinetpolicy__label1__labelAfter) ""
set __TKargs(denylocalhosts__label1__labelBefore) ""
set __TKargs(denyhosts__direction__radio) ""
set __TKargs(denyhosts__HTTPBlockListFile__packEntry) ""
set __TKargs(allowptp__frame1__frame) ""
set __TKargs(denyptp__hostIP__packLabelAfter) ""
set __TKargs(general__label3__button) ""
set __TKargs(denyhosts__direction__frame) ""
set __TKargs(general__label1__packLabel) ""
set __TKargs(denyservicesglobal__denyservice__packEntry) ""
set __TKargs(allowservicesglobal__head1__packFrame) ""
set __TKargs(allowservicesglobal__allowedservices__packFrame) ""
set __TKargs(general__classmask__packFrame) " -anchor center"
set __TKargs(masq__masq_raudio__frame) ""
set __TKargs(denyhosts__denyservice__label) ""
set __TKargs(allowptp__direction__packLabel) ""
set __TKargs(denyhosts__hostIP__frame) ""
set __TKargs(allowptp__direction__label) ""
set __TKargs(allowhosts__hostnetmask__packButton) ""
set __TKargs(allowservicesglobal__label1__packFrame) " -anchor center"
set __TKargs(allowservicesglobal__label1__labelAfter) ""
set __TKargs(allowhosts__hostIP__packEntry) ""
set __TKargs(allowhosts__hostnetmask__packLabelAfter) ""
set __TKargs(allowservicesglobal__allowservice__label) ""
set __TKargs(isp__label1__label) ""
set __TKargs(masq__label1__packButton) ""
set __TKargs(allowptp__label1__packButton) ""
set __TKargs(allowhosts__hostIP__packLabelAfter) ""
set __TKargs(isp__connection_type__button) ""
set __TKargs(isp__head2__frame) ""
set __TKargs(denyptp__hostIP__packEntry) ""
set __TKargs(masq__label2__packLabelBefore) ""
set __TKargs(general__label2__packLabel) ""
set __TKargs(denylocalhosts__denyservice__entry) ""
set __TKargs(masq__head1__frame) ""
set __TKargs(allowlocalhosts__allowservice__packLabel) ""
set __TKargs(general__label3__packLabelAfter) ""
set __TKargs(allowhosts__allowservice__entry) ""
set __TKargs(masq__mframe0__packFrame) ""
set __TKargs(defaultinetpolicy__label1__packLabel) ""
set __TKargs(denyservicesglobal__denyservice__packLabelAfter) ""
set __TKargs(general__label1__label) ""
set __TKargs(allowservicesglobal__direction__packSubFrame) ""
set __TKargs(denyservicesglobal__deniedservices__scrollbarFrame) ""
set __TKargs(general__label3a__label) ""
set __TKargs(denylocalhosts__label5__packLabelAfter) ""
set __TKargs(masq__masqservices__frame) ""
set __TKargs(masq__servicebyhost__packLabel) ""
set __TKargs(masq__servicebyhost__label) ""
set __TKargs(masq__defaultpolicy__label) ""
set __TKargs(denyhosts__HTTPBlockListFile__packLabel) ""
set __TKargs(denylocalhosts__label1__labelAfter) ""
set __TKargs(isp__internal_firewall__frame) ""
set __TKargs(denyhosts__HTTPBlockListFile__packLabelAfter) ""
set __TKargs(allowptp__hostIP__packEntry) ""
set __TKargs(denyhosts__deniedhosts__label) ""
set __TKargs(allowservicesglobal__direction__radio) ""
set __TKargs(allowservicesglobal__allowoutboundtcpallports__checkbutton) ""
set __TKargs(denyservicesglobal__denyservice__packLabel) ""
set __TKargs(masq__servicebyhost__labelAfter) ""
set __TKargs(masq__masqservices__scrollbarFrame) ""
set __TKargs(allowservicesglobal__direction__frame) ""
set __TKargs(general__label3__packLabel) ""
set __TKargs(masq__masqservice__frame) ""
set __TKargs(allowhosts__frame2__frame) ""
set __TKargs(denyhosts__hostIP__packLabelAfter) ""
set __TKargs(masq__mframe1__packFrame) ""
set __TKargs(denyptp__frame3__frame) ""
set __TKargs(allowptp__label1__packLabelBefore) ""
set __TKargs(allowhosts__hostIP__packLabel) ""
set __TKargs(allowptp__localhostIP__entry) ""
set __TKargs(general__defaultpolicy__radio) ""
set __TKargs(allowlocalhosts__label4__button) ""
set __TKargs(denyhosts__HTTPBlockListFile__frame) ""
set __TKargs(denylocalhosts__label4__packButton) ""
set __TKargs(general__label4__labelBefore) ""
set __TKargs(general__defaultpolicy__frame) ""
set __TKargs(masq__masq_raudio__pack) ""
set __TKargs(masq__servicesbyhost__packScrollbar) ""
set __TKargs(denyptp__hostIP__packLabel) ""
set __TKargs(denylocalhosts__head1__frame) ""
set __TKargs(allowlocalhosts__label6__packLabelBefore) ""
set __TKargs(masq__masqlist__packScrollbar) ""
set __TKargs(masq__masqlist__packSubFrame) ""
set __TKargs(denylocalhosts__denyservice__label) ""
set __TKargs(allowhosts__allowservice__label) ""
set __TKargs(general__label4__packLabel) ""
set __TKargs(denyhosts__frame2__frame) ""
set __TKargs(isp__connection_type__menu) ""
set __TKargs(masq__masqsystem__packEntry) ""
set __TKargs(allowlocalhosts__frame3__frame) ""
set __TKargs(allowlocalhosts__hostIP__packFrame) ""
set __TKargs(masq__masq_cuseeme__packFrame) ""
set __TKargs(general__label3a__packButton) ""
set __TKargs(denylocalhosts__hostIP__entry) ""
set __TKargs(masq__mframe2__packFrame) " -anchor center"
set __TKargs(general__label1__packButton) ""
set __TKargs(denyptp__deniedhosts__packSubFrame) ""
set __TKargs(denyhosts__HTTPBlockListFile__labelAfter) ""
set __TKargs(masq__label1__packLabelAfter) ""
set __TKargs(general__label3__labelBefore) ""
set __TKargs(general__label3a__labelBefore) ""
set __TKargs(allowservicesglobal__allowservice__labelAfter) ""
set __TKargs(allowlocalhosts__label5__label) ""
set __TKargs(allowhosts__direction__packLabel) ""
set __TKargs(allowlocalhosts__label5__packLabelAfter) ""
set __TKargs(allowptp__hostIP__packLabel) ""
set __TKargs(allowservicesglobal__allowedservices__packSubFrame) ""
set __TKargs(denylocalhosts__direction__packLabel) ""
set __TKargs(denyptp__denyservice__packEntry) ""
set __TKargs(masq__masqlist__line) ""
set __TKargs(general__blockinettcp__frame) ""
set __TKargs(allowhosts__label1__frame) ""
set __TKargs(denyptp__deniedhosts__scrollbarFrame) ""
set __TKargs(allowptp__localhostIP__label) ""
set __TKargs(denyservicesglobal__label1__packLabelAfter) ""
set __TKargs(allowservicesglobal__label1__frame) ""
set __TKargs(allowservicesglobal__allowoutboundtcpwellknownports__pack) ""
set __TKargs(denyptp__head1__frame) ""
set __TKargs(general__label2__labelBefore) ""
set __TKargs(allowptp__hostIP__entry) ""
set __TKargs(denylocalhosts__hostIP__packFrame) ""
set __TKargs(allowhosts__allowedhosts__scrollbar) ""
set __TKargs(general__outboundtraceroute__packFrame) ""
set __TKargs(denylocalhosts__deniedhosts__label) ""
set __TKargs(allowlocalhosts__label1__packButton) ""
set __TKargs(isp__label1__packButton) ""
set __TKargs(defaultinetpolicy__label1__frame) ""
set __TKargs(allowlocalhosts__label1__packLabel) ""
set __TKargs(isp__on_internet__packFrame) " -anchor center"
set __TKargs(allowhosts__hostIP__button) ""
set __TKargs(denylocalhosts__deniedhosts__packScrollbarFrame) ""
set __TKargs(denyptp__hostIP__frame) ""
set __TKargs(denyhosts__denyservice__button) ""
set __TKargs(masq__head3__label) " -background gray"
set __TKargs(denylocalhosts__denyservice__packFrame) ""
set __TKargs(masq__masqsystem__packLabel) ""
set __TKargs(masq__label4__frame) ""
set __TKargs(denylocalhosts__direction__subFrame) ""
set __TKargs(allowlocalhosts__line1__pack) ""
set __TKargs(denylocalhosts__hostIP__label) ""
set __TKargs(denyhosts__label1__frame) ""
set __TKargs(denyservicesglobal__deniedservices__scrollbar) ""
set __TKargs(masq__masqservice__packButton) ""
set __TKargs(denyptp__denyservice__frame) ""
set __TKargs(general__label1__labelBefore) ""
set __TKargs(allowservicesglobal__allowedservices__frame) ""
set __TKargs(general__classmask__frame) ""
set __TKargs(denylocalhosts__deniedhosts__subFrame) ""
set __TKargs(masq__servicesbyhost__packScrollbarFrame) ""
set __TKargs(allowptp__hostnetmask__labelAfter) ""
set __TKargs(denylocalhosts__deniedhosts__line) ""
set __TKargs(allowservicesglobal__label1__packLabelBefore) ""
set __TKargs(allowlocalhosts__allowedhosts__frame) ""
set __TKargs(denyservicesglobal__denyservice__labelAfter) ""
set __TKargs(denyservicesglobal__label1__frame) ""
set __TKargs(denyptp__denyservice__packLabel) ""
set __TKargs(allowptp__allowservice__packEntry) ""
set __TKargs(allowlocalhosts__hostIP__frame) ""
set __TKargs(masq__masq_cuseeme__frame) ""
set __TKargs(denylocalhosts__deniedhosts__packLine) ""
set __TKargs(allowptp__hostnetmask__entry) ""
set __TKargs(isp__allow_192_net__frame) ""
set __TKargs(isp__ISPIP__entry) ""
set __TKargs(allowptp__allowedhosts__packLabel) ""
set __TKargs(denyhosts__denyservice__packEntry) ""
set __TKargs(denyptp__line1__pack) ""
set __TKargs(denylocalhosts__label1__packLabel) ""
set __TKargs(denyhosts__hostnetmask__frame) ""
set __TKargs(allowptp__localhostIP__packFrame) ""
set __TKargs(isp__head1__frame) ""
set __TKargs(allowptp__hostIP__label) ""
set __TKargs(general__head1__frame) ""
set __TKargs(masq__masqsystem__packButton) ""
set __TKargs(allowhosts__head1__packFrame) ""
set __TKargs(denyhosts__UseHTTPBlockList__checkbutton) ""
set __TKargs(defaultinetpolicy__label1__packLabelBefore) ""
set __TKargs(general__label3__labelAfter) ""
set __TKargs(denyhosts__SMTPBlockListFile__packLabelAfter) ""
set __TKargs(denyptp__localhostIP__packEntry) ""
set __TKargs(denyptp__deniedhosts__frame) ""
set __TKargs(denyptp__localhostIP__button) ""
set __TKargs(general__blockinetudp__packFrame) ""
set __TKargs(denylocalhosts__deniedhosts__packLabel) ""
set __TKargs(allowlocalhosts__allowedhosts__scrollbarFrame) ""
set __TKargs(denyptp__head1__packLabel) ""
set __TKargs(allowhosts__frame1__packFrame) ""
set __TKargs(denylocalhosts__hostIP__button) ""
set __TKargs(allowhosts__frame1__frame) ""
set __TKargs(allowptp__allowservice__packLabel) ""
set __TKargs(general__head1__packFrame) ""
set __TKargs(masq__label5__button) ""
set __TKargs(masq__masqservices__packScrollbar) ""
set __TKargs(general__label2__button) ""
set __TKargs(denyptp__frame2__frame) ""
set __TKargs(allowptp__hostnetmask__label) ""
set __TKargs(allowhosts__label1__button) ""
set __TKargs(allowlocalhosts__label4__packLabel) ""
set __TKargs(general__defaultpolicy__packSubFrame) ""
set __TKargs(denyhosts__SMTPBlockListFile__packButton) ""
set __TKargs(allowservicesglobal__line1__frame) ""
set __TKargs(isp__ISPIP__label) ""
set __TKargs(denyptp__deniedhosts__packScrollbar) ""
set __TKargs(denyhosts__hostIP__packEntry) ""
set __TKargs(denyhosts__denyservice__packLabel) ""
set __TKargs(denyptp__frame1__packFrame) ""
set __TKargs(denyptp__label1__packLabelAfter) ""
set __TKargs(denyhosts__SMTPBlockListFile__button) ""
set __TKargs(allowhosts__direction__radio) ""
set __TKargs(allowlocalhosts__head1__packFrame) ""
set __TKargs(allowservicesglobal__direction__packRadio) ""
set __TKargs(denyhosts__hostIP__packButton) ""
set __TKargs(allowhosts__direction__frame) ""
set __TKargs(allowservicesglobal__direction__packFrame) ""
set __TKargs(masq__masqservice__packFrame) ""
set __TKargs(denyhosts__head1__frame) ""
set __TKargs(allowhosts__frame2__packFrame) ""
set __TKargs(allowservicesglobal__allowservice__button) ""
set __TKargs(masq__masq_ftp__frame) ""
set __TKargs(denyhosts__frame1__frame) ""
set __TKargs(allowlocalhosts__frame2__frame) ""
set __TKargs(allowlocalhosts__label6__packButton) ""
set __TKargs(denyservicesglobal__direction__packLabel) ""
set __TKargs(denyptp__localhostIP__packLabel) ""
set __TKargs(denyptp__denyservice__packLabelAfter) ""
set __TKargs(denyhosts__SMTPBlockListFile__packFrame) ""
set __TKargs(allowlocalhosts__label5__packLabel) ""
set __TKargs(denyhosts__SMTPBlockListFile__frame) ""
set __TKargs(denyhosts__UseHTTPBlockList__frame) ""
set __TKargs(isp__label1__button) ""
set __TKargs(allowptp__frame1__packFrame) ""
set __TKargs(allowhosts__hostIP__labelAfter) ""
set __TKargs(masq__label1__packLabel) ""
set __TKargs(allowhosts__label1__packLabelAfter) ""
set __TKargs(denyptp__frame2__packFrame) ""
set __TKargs(allowservicesglobal__allowservice__packEntry) ""
set __TKargs(allowptp__hostnetmask__packLabelAfter) ""
set __TKargs(allowlocalhosts__label4__label) ""
set __TKargs(denylocalhosts__label4__packLabel) ""
set __TKargs(allowservicesglobal__label1__button) ""
set __TKargs(general__label3a__packLabel) ""
set __TKargs(denyptp__direction__label) ""
set __TKargs(allowhosts__allowedhosts__packSubFrame) ""
set __TKargs(isp__allow_192_net__checkbutton) ""
set __TKargs(masq__masq_vdolive__packFrame) ""
set __TKargs(denyservicesglobal__head1__label) " -background gray"
set __TKargs(isp__allow_10_net__pack) ""
set __TKargs(allowhosts__frame3__packFrame) ""
set __TKargs(denyservicesglobal__label1__labelBefore) ""
set __TKargs(denyservicesglobal__deniedservices__line) ""
set __TKargs(masq__servicesbyhost__frame) ""
set __TKargs(masq__masqsystem__frame) ""
set __TKargs(general__blockinetudp__frame) ""
set __TKargs(masq__label2__packButton) ""
set __TKargs(denyhosts__hostIP__packLabel) ""
set __TKargs(allowlocalhosts__label6__packLabel) ""
set __TKargs(denyptp__label1__frame) ""
set __TKargs(allowlocalhosts__direction__packRadio) ""
set __TKargs(allowptp__frame2__packFrame) ""
set __TKargs(allowlocalhosts__direction__radio) ""
set __TKargs(masq__label2__packLabel) ""
set __TKargs(denyptp__frame3__packFrame) ""
set __TKargs(denylocalhosts__label1__label) ""
set __TKargs(allowlocalhosts__direction__packFrame) ""
set __TKargs(allowlocalhosts__head1__label) " -background gray"
set __TKargs(allowlocalhosts__direction__frame) ""
set __TKargs(allowlocalhosts__allowservice__button) ""
set __TKargs(denylocalhosts__label5__packLabel) ""
set __TKargs(general__label2__packLabelBefore) ""
set __TKargs(denyhosts__label1__packLabelAfter) ""
set __TKargs(masq__head2__label) " -background gray"
set __TKargs(denylocalhosts__label1__button) ""
set __TKargs(masq__masq_cuseeme__checkbutton) ""
set __TKargs(masq__masq_irc__frame) ""
set __TKargs(masq__servicesbyhost__subFrame) ""
set __TKargs(masq__masq_quake__frame) ""
set __TKargs(masq__defaultpolicy__packLabel) ""
set __TKargs(allowlocalhosts__label1__frame) ""
set __TKargs(general__defaultpolicy__packLabel) ""
set __TKargs(allowservicesglobal__allowservice__packLabel) ""
set __TKargs(allowptp__frame3__packFrame) ""
set __TKargs(general__inboundtraceroute__frame) ""
set __TKargs(masq__servicesbyhost__packLine) ""
set __TKargs(allowptp__localhostIP__packLabelAfter) ""
set __TKargs(denylocalhosts__hostIP__packButton) ""
set __TKargs(masq__masqservices__packLabel) ""
set __TKargs(denyhosts__line1__pack) ""
set __TKargs(denyptp__direction__packRadio) ""
set __TKargs(allowlocalhosts__label6__labelBefore) ""
set __TKargs(allowptp__label1__label) ""
set __TKargs(masq__masq_ftp__checkbutton) ""
set __TKargs(denyptp__direction__packFrame) ""
set __TKargs(allowptp__localhostIP__labelAfter) ""
set __TKargs(masq__masqservices__line) ""
set __TKargs(denylocalhosts__deniedhosts__packScrollbar) ""
set __TKargs(allowservicesglobal__allowedservices__packScrollbar) ""
set __TKargs(allowptp__line1__pack) ""
set __TKargs(denylocalhosts__label5__packButton) ""
set __TKargs(general__label4__frame) ""
set __TKargs(denyptp__hostnetmask__packFrame) ""
set __TKargs(denyhosts__UseSMTPBlockList__pack) ""
set __TKargs(denyptp__deniedhosts__scrollbar) ""
set __TKargs(isp__connection_type__packLabel) ""
set __TKargs(general__label3a__packLabelBefore) ""
set __TKargs(masq__label4__packLabel) ""
set __TKargs(allowptp__allowedhosts__frame) ""
set __TKargs(masq__label4__packLabelBefore) ""
set __TKargs(masq__masq_raudio__checkbutton) ""
set __TKargs(denyptp__direction__packSubFrame) ""
set __TKargs(allowptp__head1__frame) ""
set __TKargs(allowhosts__hostIP__entry) ""
set __TKargs(allowlocalhosts__label5__labelBefore) ""
set __TKargs(allowptp__hostIP__packLabelAfter) ""
set __TKargs(denyhosts__hostnetmask__packButton) ""
set __TKargs(isp__connection_type__packLabelAfter) ""
set __TKargs(masq__masq_cuseeme__pack) ""
set __TKargs(defaultinetpolicy__label1__button) ""
set __TKargs(general__label2__packButton) ""
set __TKargs(allowhosts__hostnetmask__packFrame) ""
set __TKargs(allowhosts__allowedhosts__packFrame) ""
set __TKargs(masq__servicesbyhost__packLabel) ""
set __TKargs(isp__connection_type__labelAfter) ""
set __TKargs(denyhosts__head1__packLabel) ""
set __TKargs(masq__label5__packLabel) ""
set __TKargs(allowhosts__head1__frame) ""
set __TKargs(isp__label1__packFrame) " -anchor center"
set __TKargs(masq__label4__labelAfter) ""
set __TKargs(denyservicesglobal__label1__packButton) ""
set __TKargs(denylocalhosts__direction__packSubFrame) ""
set __TKargs(allowlocalhosts__label4__labelBefore) ""
set __TKargs(denyhosts__hostIP__entry) ""
set __TKargs(denylocalhosts__label4__packLabelBefore) ""
set __TKargs(denyptp__frame1__frame) ""
set __TKargs(denyservicesglobal__deniedservices__packFrame) ""
set __TKargs(general__antispoof__frame) ""
set __TKargs(denyptp__hostIP__labelAfter) ""
set __TKargs(allowptp__masquerade__packFrame) ""
set __TKargs(denyservicesglobal__deniedservices__packSubFrame) ""
set __TKargs(allowlocalhosts__allowservice__packButton) ""
set __TKargs(allowlocalhosts__allowservice__frame) ""
set __TKargs(masq__mframe2__frame) ""
set __TKargs(denyptp__denyservice__packButton) ""
set __TKargs(isp__on_internet__frame) ""
set __TKargs(denyhosts__hostIP__button) ""
set __TKargs(denyhosts__hostnetmask__packFrame) ""
set __TKargs(denylocalhosts__hostIP__packLabelAfter) ""
set __TKargs(denyhosts__label1__packButton) ""
set __TKargs(denyhosts__deniedhosts__scrollbar) ""
set __TKargs(allowhosts__hostIP__label) ""
set __TKargs(allowlocalhosts__frame1__frame) ""
set __TKargs(allowhosts__allowservice__packFrame) ""
set __TKargs(isp__on_internet__checkbutton) ""
set __TKargs(masq__defaultpolicy__packSubFrame) ""
set __TKargs(masq__label5__label) ""
set __TKargs(denyptp__hostIP__button) ""
set __TKargs(denyhosts__deniedhosts__scrollbarFrame) ""
set __TKargs(allowhosts__label1__labelAfter) ""
set __TKargs(allowhosts__allowservice__packButton) ""
set __TKargs(masq__masqlist__scrollbar) ""
set __TKargs(isp__internal_firewall__packFrame) " -anchor center"
set __TKargs(denylocalhosts__denyservice__packButton) ""
set __TKargs(defaultinetpolicy__label1__packButton) ""
set __TKargs(allowlocalhosts__allowedhosts__packScrollbarFrame) ""
set __TKargs(denyhosts__direction__label) ""
set __TKargs(denyservicesglobal__direction__subFrame) ""
set __TKargs(denylocalhosts__label5__frame) ""
set __TKargs(allowservicesglobal__head1__packLabel) ""
set __TKargs(allowservicesglobal__allowedservices__packLabel) ""
set __TKargs(general__outboundtraceroute__frame) ""
set __TKargs(masq__masq_ftp__packFrame) ""
set __TKargs(masq__masqservice__entry) ""
set __TKargs(denyhosts__frame1__packFrame) ""
set __TKargs(denyhosts__hostIP__label) ""
set __TKargs(isp__allow_172_net__pack) ""
set __TKargs(allowservicesglobal__label1__packLabel) ""
set __TKargs(general__inboundtraceroute__checkbutton) ""
set __TKargs(allowservicesglobal__label1__packButton) ""
set __TKargs(isp__head1__packFrame) ""
set __TKargs(masq__label4__button) ""
set __TKargs(denyhosts__HTTPBlockListFile__entry) ""
set __TKargs(general__label1__button) ""
set __TKargs(general__blockXall__frame) ""
set __TKargs(allowptp__allowservice__labelAfter) ""
set __TKargs(isp__head2__label) " -background gray"
set __TKargs(allowhosts__label1__packFrame) " -anchor center"
set __TKargs(general__label4__labelAfter) ""
set __TKargs(masq__head1__label) " -background gray"
set __TKargs(masq__masqsystem__button) ""
set __TKargs(masq__servicebyhost__packLabelAfter) ""
set __TKargs(masq__label2__frame) ""
set __TKargs(allowlocalhosts__label1__labelBefore) ""
set __TKargs(denyhosts__frame2__packFrame) ""
set __TKargs(allowlocalhosts__hostIP__packLabelAfter) ""
set __TKargs(allowlocalhosts__hostIP__packEntry) ""
set __TKargs(masq__label1__packLabelBefore) ""
set __TKargs(allowservicesglobal__allowoutboundtcpwellknownports__frame) ""
set __TKargs(defaultinetpolicy__label1__packLabelAfter) ""
set __TKargs(denyptp__label1__packFrame) " -anchor center"
set __TKargs(denyptp__label1__packLabelBefore) ""
set __TKargs(isp__label1__labelBefore) ""
set __TKargs(masq__masqservices__label) ""
set __TKargs(isp__head2__packFrame) ""
set __TKargs(allowlocalhosts__allowservice__packLabelAfter) ""
set __TKargs(general__label3a__button) ""
set __TKargs(denylocalhosts__label1__packButton) ""
set __TKargs(general__label2__packLabelAfter) ""
set __TKargs(general__classmask__checkbutton) ""
set __TKargs(allowservicesglobal__direction__label) ""
set __TKargs(denyservicesglobal__deniedservices__packScrollbar) ""
set __TKargs(masq__masqservice__label) ""
set __TKargs(denyhosts__label1__labelBefore) ""
set __TKargs(denyhosts__label1__button) ""
set __TKargs(allowhosts__allowedhosts__subFrame) ""
set __TKargs(masq__servicebyhost__packButton) ""
set __TKargs(allowlocalhosts__label4__labelAfter) ""
set __TKargs(denyhosts__frame3__packFrame) ""
set __TKargs(denylocalhosts__label4__packLabelAfter) ""
set __TKargs(isp__allow_192_net__pack) ""
set __TKargs(general__label3__frame) ""
set __TKargs(allowptp__label1__packFrame) " -anchor center"
set __TKargs(denylocalhosts__label1__packLabelBefore) ""
set __TKargs(masq__servicebyhost__button) ""
set __TKargs(masq__line3__frame) ""
set __TKargs(denyhosts__HTTPBlockListFile__label) ""
set __TKargs(allowhosts__allowedhosts__packLine) ""
set __TKargs(denyptp__label1__button) ""
set __TKargs(general__defaultpolicy__label) ""
set __TKargs(masq__masqlist__frame) ""
set __TKargs(denylocalhosts__hostIP__packEntry) ""
set __TKargs(denylocalhosts__head1__label) " -background gray"
set __TKargs(masq__masq_irc__pack) ""
set __TKargs(masq__masquerade__frame) ""
set __TKargs(denyptp__hostIP__entry) ""
set __TKargs(denylocalhosts__denyservice__packEntry) ""
set __TKargs(masq__head1__packFrame) ""
set __TKargs(denyhosts__direction__packRadio) ""
set __TKargs(denyhosts__deniedhosts__subFrame) ""
set __TKargs(allowlocalhosts__hostIP__packLabel) ""
set __TKargs(denyptp__denyservice__button) ""
set __TKargs(allowlocalhosts__label5__packLabelBefore) ""
set __TKargs(denyhosts__frame4__packFrame) " -anchor center"
set __TKargs(denyhosts__denyservice__labelAfter) ""
set __TKargs(denyhosts__direction__packFrame) ""
set __TKargs(masq__masq_vdolive__checkbutton) ""
set __TKargs(denyptp__denyservice__entry) ""
set __TKargs(allowhosts__allowedhosts__packScrollbarFrame) ""
set __TKargs(allowlocalhosts__allowedhosts__scrollbar) ""
set __TKargs(allowhosts__allowedhosts__line) ""
set __TKargs(masq__label5__labelBefore) ""
set __TKargs(denyhosts__deniedhosts__packLine) ""
set __TKargs(denyhosts__HTTPBlockListFile__packButton) ""
set __TKargs(allowservicesglobal__allowedservices__packScrollbarFrame) ""
set __TKargs(allowservicesglobal__allowservice__packButton) ""
set __TKargs(denyservicesglobal__label1__packFrame) " -anchor center"
set __TKargs(allowlocalhosts__hostIP__entry) ""
set __TKargs(allowptp__hostIP__button) ""
set __TKargs(denyptp__label1__labelAfter) ""
set __TKargs(masq__head2__packFrame) ""
set __TKargs(allowhosts__label1__label) ""
set __TKargs(denyservicesglobal__direction__packSubFrame) ""
set __TKargs(isp__ISPIP__labelAfter) ""
set __TKargs(denyhosts__denyservice__packLabelAfter) ""
set __TKargs(denyhosts__frame5__packFrame) " -anchor center"
set __TKargs(denyhosts__hostnetmask__entry) ""
set __TKargs(allowservicesglobal__label1__label) ""
set __TKargs(masq__mframe1__frame) ""
set __TKargs(allowptp__localhostIP__packEntry) ""
set __TKargs(denyptp__head1__label) " -background gray"
set __TKargs(allowlocalhosts__label4__packLabelAfter) ""
set __TKargs(masq__label4__labelBefore) ""
set __TKargs(masq__frame2__frame) ""
set __TKargs(denylocalhosts__hostIP__packLabel) ""
set __TKargs(allowhosts__direction__packSubFrame) ""
set __TKargs(defaultinetpolicy__label1__label) ""
set __TKargs(denyptp__hostnetmask__labelAfter) ""
set __TKargs(allowptp__allowedhosts__packSubFrame) ""
set __TKargs(masq__masq_raudio__packFrame) ""
set __TKargs(denyptp__hostIP__label) ""
set __TKargs(denylocalhosts__denyservice__packLabel) ""
set __TKargs(masq__label4__label) ""
set __TKargs(denyptp__deniedhosts__packFrame) ""
set __TKargs(masq__head3__packFrame) ""
set __TKargs(denyhosts__label1__label) ""
set __TKargs(allowhosts__allowedhosts__packScrollbar) ""
set __TKargs(denyptp__denyservice__label) ""
set __TKargs(allowptp__allowservice__frame) ""
set __TKargs(allowservicesglobal__allowedservices__label) ""
set __TKargs(denylocalhosts__label4__frame) ""
set __TKargs(allowlocalhosts__allowedhosts__label) ""
set __TKargs(allowservicesglobal__allowoutboundtcpwellknownports__checkbutton) ""
set __TKargs(allowptp__label1__packLabelAfter) ""
set __TKargs(denyservicesglobal__label1__label) ""
set __TKargs(allowptp__hostnetmask__packButton) ""
set __TKargs(denyservicesglobal__denyservice__packButton) ""
set __TKargs(denyservicesglobal__head1__packFrame) ""
set __TKargs(allowlocalhosts__hostIP__label) ""
set __TKargs(denyhosts__UseSMTPBlockList__checkbutton) ""
set __TKargs(isp__allow_10_net__frame) ""
set __TKargs(masq__masq_quake__checkbutton) ""
set __TKargs(allowservicesglobal__label1__packLabelAfter) ""
set __TKargs(denyhosts__hostnetmask__label) ""
set __TKargs(allowptp__localhostIP__packLabel) ""
set __TKargs(denylocalhosts__label5__button) ""
set __TKargs(masq__masqservice__packLabelAfter) ""
set __TKargs(masq__label2__labelBefore) ""
set __TKargs(isp__head1__label) " -background gray"
set __TKargs(allowlocalhosts__direction__subFrame) ""
set __TKargs(general__head1__label) " -background gray"
set __TKargs(denyservicesglobal__label1__button) ""
set __TKargs(allowhosts__head1__packLabel) ""
set __TKargs(masq__masq_irc__checkbutton) ""
set __TKargs(masq__servicesbyhost__packSubFrame) ""
set __TKargs(general__label4__packLabelBefore) ""
set __TKargs(masq__label1__frame) ""
set __TKargs(masq__masqservice__packEntry) ""
set __TKargs(masq__hostallow__checkbutton) ""
set __TKargs(general__label3__packButton) ""
set __TKargs(allowptp__hostIP__labelAfter) ""
set __TKargs(allowhosts__hostnetmask__frame) ""
set __TKargs(allowhosts__allowedhosts__frame) ""
set __TKargs(denyhosts__SMTPBlockListFile__packEntry) ""
set __TKargs(denyptp__deniedhosts__label) ""
set __TKargs(denyhosts__SMTPBlockListFile__entry) ""
set __TKargs(isp__connection_type__frame) ""
set __TKargs(allowptp__label1__button) ""
set __TKargs(isp__allow_10_net__packFrame) " -anchor center"
set __TKargs(masq__masq_ftp__pack) ""
set __TKargs(denyhosts__deniedhosts__packFrame) ""
set __TKargs(masq__label1__labelBefore) ""
set __TKargs(denylocalhosts__label1__packLabelAfter) ""
set __TKargs(allowlocalhosts__allowedhosts__packScrollbar) ""
set __TKargs(denyhosts__direction__subFrame) ""
set __TKargs(masq__label5__labelAfter) ""
set __TKargs(denylocalhosts__head1__packFrame) ""
set __TKargs(allowservicesglobal__head1__frame) ""
set __TKargs(masq__masq_irc__packFrame) ""
set __TKargs(denyservicesglobal__direction__radio) ""
set __TKargs(allowlocalhosts__line1__frame) ""
set __TKargs(allowptp__label1__labelBefore) ""
set __TKargs(general__head1__packLabel) ""
set __TKargs(denyservicesglobal__direction__frame) ""
set __TKargs(denyptp__localhostIP__frame) ""
set __TKargs(masq__masqlist__packFrame) ""
set __TKargs(general__label2__frame) ""
set __TKargs(masq__masqsystem__entry) ""
set __TKargs(allowlocalhosts__hostIP__button) ""
set __TKargs(masq__line2__frame) ""
set __TKargs(masq__line3__pack) ""
set __TKargs(general__blockXftp__packFrame) " -anchor center"
set __TKargs(allowlocalhosts__head1__packLabel) ""
set __TKargs(denyservicesglobal__label1__packLabelBefore) ""
set __TKargs(allowlocalhosts__frame1__packFrame) ""
set __TKargs(allowhosts__direction__label) ""
set __TKargs(allowservicesglobal__direction__packLabel) ""
set __TKargs(masq__masqservice__packLabel) ""
set __TKargs(denyhosts__head1__label) " -background gray"
set __TKargs(denyhosts__label1__packFrame) " -anchor center"
set __TKargs(isp__label1__packLabelBefore) ""
set __TKargs(allowlocalhosts__allowedhosts__packSubFrame) ""
set __TKargs(masq__line2__pack) ""
set __TKargs(denyhosts__SMTPBlockListFile__packLabel) ""
set __TKargs(allowhosts__label1__packLabelBefore) ""
set __TKargs(denyhosts__SMTPBlockListFile__label) ""
set __TKargs(masq__hostallow__packFrame) " -anchor center"
set __TKargs(allowhosts__hostIP__packButton) ""
set __TKargs(general__antispoof__checkbutton) ""
set __TKargs(denylocalhosts__direction__radio) ""
set __TKargs(allowptp__hostnetmask__packFrame) ""
set __TKargs(denylocalhosts__direction__frame) ""
set __TKargs(defaultinetpolicy__label1__labelBefore) ""
set __TKargs(allowlocalhosts__frame2__packFrame) ""
set __TKargs(masq__line1__pack) ""
set __TKargs(allowptp__allowedhosts__scrollbarFrame) ""
set __TKargs(masq__defaultpolicy__subFrame) ""
set __TKargs(allowlocalhosts__label1__packLabelAfter) ""
set __TKargs(masq__masqservices__subFrame) ""
set __TKargs(allowptp__masquerade__checkbutton) ""
set __TKargs(masq__servicesbyhost__label) ""
set __TKargs(masq__label5__packLabelAfter) ""
set __TKargs(masq__masqsystem__label) ""
set __TKargs(denylocalhosts__frame1__packFrame) ""
set __TKargs(denyptp__deniedhosts__packScrollbarFrame) ""
set __TKargs(masq__mframe0__frame) ""
set __TKargs(denyptp__label1__label) ""
set __TKargs(denyptp__hostnetmask__packEntry) ""
set __TKargs(masq__masqservices__packLine) ""
set __TKargs(allowptp__allowedhosts__scrollbar) ""
set __TKargs(masq__frame1__frame) ""
set __TKargs(allowservicesglobal__allowoutboundtcpallports__pack) ""
set __TKargs(allowlocalhosts__direction__packLabel) ""
set __TKargs(general__antispoof__packFrame) " -anchor center"
set __TKargs(allowlocalhosts__direction__label) ""
set __TKargs(allowlocalhosts__label6__frame) ""
set __TKargs(masq__masqservices__packScrollbarFrame) ""
set __TKargs(masq__hostallow__pack) ""
set __TKargs(allowptp__head1__packFrame) ""
set __TKargs(allowlocalhosts__frame3__packFrame) ""
set __TKargs(general__inboundtraceroute__packFrame) ""
set __TKargs(denyptp__localhostIP__labelAfter) ""
set __TKargs(general__label1__packLabelBefore) ""
set __TKargs(general__blockXftp__pack) ""
set __TKargs(allowhosts__hostnetmask__packEntry) ""
set __TKargs(isp__ISPIP__packFrame) ""
set __TKargs(denylocalhosts__frame2__packFrame) ""
set __TKargs(allowlocalhosts__hostIP__labelAfter) ""
set __TKargs(masq__masquerade__packFrame) " -anchor center"
set __TKargs(allowlocalhosts__label1__label) ""
set __TKargs(denyhosts__hostnetmask__button) ""
set __TKargs(denyhosts__UseHTTPBlockList__packFrame) ""
set __TKargs(allowservicesglobal__allowedservices__line) ""
set __TKargs(allowlocalhosts__label1__button) ""
set __TKargs(denyhosts__deniedhosts__packScrollbarFrame) ""
set __TKargs(denylocalhosts__deniedhosts__scrollbar) ""
set __TKargs(denyptp__hostnetmask__frame) ""
set __TKargs(denyservicesglobal__denyservice__frame) ""
set __TKargs(allowlocalhosts__label5__labelAfter) ""
set __TKargs(denyptp__direction__packLabel) ""
set __TKargs(denyservicesglobal__deniedservices__frame) ""
set __TKargs(allowlocalhosts__allowedhosts__packFrame) ""
set __TKargs(masq__frame0__packFrame) ""
set __TKargs(allowptp__localhostIP__packButton) ""
set __TKargs(general__label4__label) ""
set __TKargs(allowservicesglobal__line1__pack) ""
set __TKargs(isp__allow_172_net__packFrame) " -anchor center"
set __TKargs(denyptp__hostnetmask__packLabel) ""
set __TKargs(denylocalhosts__frame3__packFrame) ""
set __TKargs(allowlocalhosts__allowservice__entry) ""
set __TKargs(general__label1__packFrame) " -anchor center"
set __TKargs(general__blockinetudp__pack) ""
set __TKargs(allowptp__direction__packRadio) ""
set __TKargs(allowptp__direction__radio) ""
set __TKargs(denyhosts__hostnetmask__packEntry) ""
set __TKargs(allowhosts__hostnetmask__labelAfter) ""
set __TKargs(allowptp__allowedhosts__label) ""
set __TKargs(denyhosts__denyservice__frame) ""
set __TKargs(allowptp__head1__label) " -background gray"
set __TKargs(allowptp__direction__packFrame) ""
set __TKargs(allowptp__allowservice__button) ""
set __TKargs(allowptp__direction__frame) ""
set __TKargs(allowhosts__allowservice__packEntry) ""
set __TKargs(general__label4__packLabelAfter) ""
set __TKargs(masq__label1__labelAfter) ""
set __TKargs(masq__masqlist__subFrame) ""
set __TKargs(allowptp__label1__labelAfter) ""
set __TKargs(allowservicesglobal__allowservice__frame) ""
set __TKargs(isp__label1__frame) ""
set __TKargs(masq__frame1__packFrame) ""
set __TKargs(allowhosts__hostnetmask__packLabel) ""
set __TKargs(allowhosts__allowedhosts__packLabel) ""
set __TKargs(general__blockXall__pack) ""
set __TKargs(masq__masqlist__packLine) ""
set __TKargs(isp__connection_type__packButton) ""
set __TKargs(allowptp__direction__subFrame) ""
set __TKargs(general__label2__packFrame) " -anchor center"
set __TKargs(allowhosts__head1__label) " -background gray"
set __TKargs(isp__label1__packLabel) ""
set __TKargs(allowservicesglobal__allowservice__packLabelAfter) ""
set __TKargs(allowlocalhosts__allowservice__packFrame) ""
set __TKargs(defaultinetpolicy__label1__packFrame) ""
set __TKargs(denyservicesglobal__deniedservices__packLabel) ""
set __TKargs(masq__label4__packButton) ""
set __TKargs(isp__line2__frame) ""
set __TKargs(general__label1__frame) ""
set __TKargs(general__line2__frame) ""
set __TKargs(denyhosts__frame5__frame) ""
set __TKargs(general__label3a__frame) ""
set __TKargs(masq__defaultpolicy__radio) ""
set __TKargs(masq__line1__frame) ""
set __TKargs(masq__servicebyhost__packFrame) ""
set __TKargs(denyptp__hostIP__packButton) ""
set __TKargs(masq__servicebyhost__frame) ""
set __TKargs(masq__frame2__packFrame) ""
set __TKargs(allowptp__allowedhosts__subFrame) ""
set __TKargs(masq__defaultpolicy__frame) ""
set __TKargs(denyhosts__HTTPBlockListFile__packFrame) ""
set __TKargs(allowlocalhosts__allowservice__label) ""
set __TKargs(allowlocalhosts__label6__button) ""
set __TKargs(denyhosts__deniedhosts__frame) ""
set __TKargs(allowptp__allowedhosts__packScrollbar) ""
set __TKargs(denyservicesglobal__denyservice__packFrame) ""
set __TKargs(denyhosts__hostnetmask__packLabel) ""
set __TKargs(general__label3__packFrame) " -anchor center"
set __TKargs(allowptp__allowedhosts__packLine) ""
