{
# VPN paquets have already a tos set (when they entered the tun interface
# So, we just need to send them in the QOS table

# For OpenVPN Bridge
if (defined ${'openvpn-bridge'}{'UDPPort'}){
    $OUT .= "\$IPT -t mangle -A QOS -p udp --sport ${'openvpn-bridge'}{'UDPPort'} -j RETURN\n";
}
elsif (defined ${'openvpn-bridge'}{'TCPPort'}){
    $OUT .= "\$IPT -t mangle -A QOS -p tcp --sport ${'openvpn-bridge'}{'TCPPort'} -j RETURN\n";
}

# For OpenVPN Site To Site
my $ovpndb = esmith::ConfigDB->open_ro('openvpn-s2s') || return "";

foreach my $server ($ovpndb->get_all_by_prop(type=>'server')){
    $OUT .= "\$IPT -t mangle -A QOS -p " . ($server->prop('Protocol') || 'udp') . " --sport " . $server->prop('Port') . " -j RETURN\n";
}
foreach my $client ($ovpndb->get_all_by_prop(type=>'client')){
    $OUT .= "\$IPT -t mangle -A QOS -p " . ($client->prop('Protocol') || 'udp') . " --dport " . $client->prop('Port') . " -j RETURN\n";
}

$OUT .= '';

}
