# In case this script crashed or was interrupted earlier, flush, unlink and
# delete the temp chain.
IPTCOMMAND=iptables
if [[ {{local-ip}} =~ : ]] ; then
    IPTCOMMAND=ip6tables
fi
$IPTCOMMAND -w -t nat -F BOOTSTACK_MASQ_NEW || true
$IPTCOMMAND -w -t nat -D POSTROUTING -j BOOTSTACK_MASQ_NEW || true
$IPTCOMMAND -w -t nat -X BOOTSTACK_MASQ_NEW || true
$IPTCOMMAND -w -t nat -N BOOTSTACK_MASQ_NEW
# Build the chain we want.
{{#masquerade_networks}}
NETWORK={{.}}
$IPTCOMMAND -w -t nat -A BOOTSTACK_MASQ_NEW -s $NETWORK ! -d $NETWORK -j MASQUERADE
{{/masquerade_networks}}
# Link it in.
$IPTCOMMAND -w -t nat -I POSTROUTING -j BOOTSTACK_MASQ_NEW
# Delete the old chain if present.
$IPTCOMMAND -w -t nat -F BOOTSTACK_MASQ || true
$IPTCOMMAND -w -t nat -D POSTROUTING -j BOOTSTACK_MASQ || true
$IPTCOMMAND -w -t nat -X BOOTSTACK_MASQ || true
# Rename the new chain into permanence.
$IPTCOMMAND -w -t nat -E BOOTSTACK_MASQ_NEW BOOTSTACK_MASQ
# remove forwarding rule (fixes bug 1183099)
$IPTCOMMAND -w -D FORWARD -j REJECT --reject-with icmp-host-prohibited || true
