-## Incoming multicast on a network interface associated with a trusted
-## network is OK, since it must have originated there (or been forwarded, but
-## we don't do that yet).
-seen=:-:
-for net in $allnets; do
- eval class=\$net_class_$net
- case $class in trusted) ;; *) continue ;; esac
- for iface in $(net_interfaces FWHOST $net); do
- case "$seen" in *:$iface:*) continue ;; esac
- seen=$seen$iface:
- run iptables -A inbound -j ACCEPT \
- -s 0.0.0.0 -d 224.0.0.0/24 \
- -i $iface
- done
-done
-