===================================================================
RCS file: /home/cvsd/home/cvs/scripts/shell/firewall/fw-universal.sh,v
retrieving revision 2.17
retrieving revision 2.18
diff -u -p -r2.17 -r2.18
--- scripts/shell/firewall/fw-universal.sh	2005/01/16 17:24:23	2.17
+++ scripts/shell/firewall/fw-universal.sh	2005/03/01 21:47:20	2.18
@@ -9,7 +9,7 @@
 # Licensed under terms of GNU General Public License.
 # All rights reserved.
 #
-# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.16 2005/01/16 15:27:15 rajo Exp $
+# $Platon: scripts/shell/firewall/fw-universal.sh,v 2.17 2005/01/16 17:24:23 rajo Exp $
 #
 # Changelog:
 # 2003-10-24 - created
@@ -285,6 +285,10 @@ masquerade()
 
 		# alow packets from private subnet
 		$IPTABLES -A FORWARD -s ! $localnet -i $NAT_SUBNET_IFACE -j DROP
+		for client_ip in $NAT_CLIENT_DROP; do
+			echo -en " !$client_ip";
+			$IPTABLES -A FORWARD -s $client_ip -i $NAT_SUBNET_IFACE -j DROP
+		done
 
 		for redirect in $NAT_TCP_PORT_REDIRECT; do
 			eval `echo $redirect | awk -v FS=: '{ printf "remote_port=%s; local_port=%s;", $1, $2; }'`