#!/bin/sh
ifconfig \$INTERFACE ${tinc_peer_address} netmask ${netmask:-255.255.255.0}
{{ if len "${vip:-}" }}ifconfig "\$INTERFACE:0" ${vip}{{ end }}

# Enable IPv4 kernel routing/forwarding for this network
iptables -A FORWARD -o \$INTERFACE -d ${network_address}/${global_prefix:-16} -j ACCEPT
{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}iptables -A FORWARD -o ${internal_interface:-eth0} -d {{.}} -j ACCEPT
{{ end }}{{ end }}

# Prevent spoofing attacks
iptables -A FORWARD -i \$INTERFACE ! -s ${network_address}/${global_prefix:-16} -j DROP
{{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}iptables -A FORWARD -i \$INTERFACE -s {{.}} -j DROP
{{ end }}{{ end }}