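(
    # Open the firewall for the lhvpn OpenVPN interface: inbound rsyslog from VPN
    # clients, plus forwarding/NAT so those clients can reach external networks
    # through net1. Runs in a subshell so the variables and any early exit stay
    # contained. Exits 1 without touching iptables if the interface cannot be
    # identified unambiguously.

    # Address configured for lhvpn, as reported by infod_client.
    lhvpn_addr=$(infod_client -o get -p openvpn.lhvpn.address -q)
    if [ -z "$lhvpn_addr" ]; then
        # An empty grep pattern matches every line, which would select
        # unrelated interfaces below; refuse to continue.
        echo "lhvpn firewall: openvpn.lhvpn.address is empty; no rules added" >&2
        exit 1
    fi

    # Detect lhvpn interface. Despite its name, LHVPN_ADDRESS holds the
    # interface *name* (field 2 of `ip -oneline`), which is what `-i`/`-o` need.
    # -F: match the address literally; as a regex the dots would match any
    # character.
    LHVPN_ADDRESS=$(ip -family inet -oneline addr show | grep -F -- "$lhvpn_addr" | cut -d' ' -f2)

    # Fail closed. With an empty value the `-i ""` rules below would not be
    # scoped to the VPN (iptables appears to treat an empty interface name as
    # "any interface" -- confirm), exposing syslog/514 and forwarding on every
    # interface. More than one match means the lookup was ambiguous.
    if [ -z "$LHVPN_ADDRESS" ] || [ "$(printf '%s\n' "$LHVPN_ADDRESS" | wc -l)" -ne 1 ]; then
        echo "lhvpn firewall: could not resolve a single interface for $lhvpn_addr; no rules added" >&2
        exit 1
    fi

    # Inbound rsyslog messages, from lhvpn only.
    iptables -I INPUT -i "$LHVPN_ADDRESS" -p udp -m udp --dport 514 -j ACCEPT

    # Masquerading rules for when VPN clients are attempting to connect to external
    # networks from behind the VPN. Return traffic is limited to established flows.
    iptables -I FORWARD -i "$LHVPN_ADDRESS" -o net1 -j ACCEPT
    iptables -I FORWARD -i net1 -o "$LHVPN_ADDRESS" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # NOTE(review): this masquerades everything leaving net1, not only traffic
    # sourced from the VPN; consider adding `-s <vpn-subnet>` once the subnet is
    # known. The rules use -I, so re-running this block inserts duplicates.
    iptables -t nat -I POSTROUTING -o net1 -j MASQUERADE
)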
