+$lgroup= var_global('lgroup');
+@lgroup= getgrnam($lgroup);
+@lgroup or fault("invalid group $lgroup");
+$lgid= $lgroup[2];
+$forbid_remote= var_global('forbid_remote');
+@forbid_remote= ();
+
+sub parse_addr_mask ($) {
+ my ($r) = @_;
+ my ($mask,$iaddr);
+ if ($r =~ s,/(\d+)$,,) { $mask=$1; } else { $mask=32; }
+ fault("invalid mask length $1") if $mask<0 || $mask>32;
+ $mask= $mask ? ~0 << (32-$mask) : 0;
+ $iaddr= inet_aton($r); fault("invalid address $r") unless defined $iaddr;
+ $iaddr= (unpack "N",$iaddr)[0];
+ return ($iaddr, $mask);
+}
+
+foreach $r (split /[, \t]+/, $forbid_remote) {
+ push @forbid_remote, [ parse_addr_mask($r) ];
+}
+
+sub ipif_permit ($$$) {
+ my ($local,$net,$why) = @_;
+ my ($pmask,$piaddr,$fmask,$fiaddr);
+ if (!$local) {
+ ($piaddr,$pmask) = parse_addr_mask($net);
+ foreach $fref (@forbid_remote) {
+ ($fiaddr,$fmask) = @$fref;
+ $jmask= $fmask & $pmask;
+#printf STDERR "%8lx %8lx %l8x %8lx", $pmask,$pmask
+ fault("local network $net claimed as remote ($why) by $site")
+ if (($fiaddr&$jmask) == ($piaddr&$jmask));
+ }
+ }
+ $ipif_file .= "$lgid,$local$net, $lgroup, $why\n";
+}
+
+$glend= var_site('lend')."/32";
+if ($glend !~ m/^V_/) {
+ ipif_permit('=', "$glend", 'local endpoint');
+}
+
+foreach $site (@actives, @passives) {
+ $tlend= var_site('lend')."/32";
+ if ($tlend != $glend) {
+ ipif_permit('=', $tlend.'/32', "$site - local endpoint");
+ }
+ $trend= var_site('rend').'/32';
+ $ix= 0;
+ $trnets= var_site('rnets');
+ ipif_permit('', $trend, "$site - remote endpoint");
+ if ($trnets ne '-') {
+ foreach $rnet (split /,/, $trnets) {
+ ipif_permit('', $rnet, "$site - remote network #$ix");
+ $ix++;
+ }
+ }
+}
+
+sub write_file ($$$$) {
+ my ($fn,$why,$head,$body) = @_;
+ length $fn or fault("location to write $why not specified");
+ open F, ">$fn.new" or fault("create $fn.new: $!");
+ print F $head."\n# AUTOGENERATED BY $0 - DO NOT EDIT\n".$body or die $!;
+ close F or die $!;
+ rename "$fn.new",$fn or die $!;
+}
+
+write_file(var_global(ipifnetsfile),'ipifnetsfile','', $ipif_file);
+
+$active_file= '';
+$inittab= '';
+$ix= 0;
+foreach $site (@actives) {
+ $active_file.= "$site\t".var_site('activesxinfo')."\n";
+ $inittab.= sprintf("t%d", $ix++).':'.var_site('inittab_line')."\n";
+ write_file(var_site('invoke_file'), 'invoke_file',
+ var_site('invoke_head'),
+ var_site('invoke_body'));
+}
+write_file(var_global('activesfile'),'activesfile', '',$active_file);
+write_file(var_global('inittab_fragfile'),'inittab_fragfile',
+"# You can cut and paste all or part of this into your inittab if you like.",
+ $inittab);
+
+$passive_file= '';
+foreach $site (@passives) {
+ $passive_file.= "$site\t".var_site('passivesxinfo')."\n";
+}
+write_file(var_global('passivesfile'),'passivesfile', '',$passive_file);
+
+system var_global('postconfigure'); $? and exit -1;
+
+exit 0;