=== added directory 'network-hooks.d'
=== added file 'network-hooks.d/bridge'
--- network-hooks.d/bridge 1970-01-01 00:00:00 +0000
+++ network-hooks.d/bridge 2011-11-24 20:15:24 +0000
@@ -0,0 +1,61 @@
+#!/bin/sh
+#
+# This is an example of a Mandos client network hook. This hook
+# brings up a bridge interface as specified in a separate
+# configuration file. To be used, this file and any needed
+# configuration file(s) should be copied into the
+# /etc/mandos/network-hooks.d directory.
+#
+# Copying and distribution of this file, with or without modification,
+# are permitted in any medium without royalty provided the copyright
+# notice and this notice are preserved. This file is offered as-is,
+# without any warranty.
+
+set -e
+
+CONFIG="$MANDOSNETHOOKDIR/bridge.conf"
+
+# Read config file, which must set "BRIDGE", "PORTS", and optionally
+# "IPADDRS" and "ROUTES".
+if [ -e "$CONFIG" ]; then
+ . "$CONFIG"
+fi
+
+if [ -z "$BRIDGE" -o -z "$PORTS" ]; then
+ exit
+fi
+
+if [ -n "$DEVICE" -a "$DEVICE" != "$BRIDGE" ]; then
+ exit
+fi
+
+case "$1" in
+ start)
+ brctl addbr "$BRIDGE"
+ for port in $PORTS; do
+ brctl addif "$BRIDGE" "$port"
+ done
+ ip link set up "$BRIDGE"
+ if [ -n "$IPADDRS" ]; then
+ for ipaddr in $IPADDRS; do
+ ip addr add "$ipaddr" dev "$BRIDGE"
+ done
+ fi
+ if [ -n "$ROUTES" ]; then
+ for route in $ROUTES; do
+ ip route add "$route" dev "$BRIDGE"
+ done
+ fi
+ ;;
+ stop)
+ ip link set down "$BRIDGE"
+ for port in $PORTS; do
+ brctl delif "$BRIDGE" "$port"
+ done
+ brctl delbr "$BRIDGE"
+ ;;
+ files)
+ echo /bin/ip
+ echo /usr/bin/brctl
+ ;;
+esac
=== added file 'network-hooks.d/bridge.conf'
--- network-hooks.d/bridge.conf 1970-01-01 00:00:00 +0000
+++ network-hooks.d/bridge.conf 2011-11-24 20:15:24 +0000
@@ -0,0 +1,11 @@
+## Required
+
+#BRIDGE=br0
+
+#PORTS="eth0 eth1"
+
+## Optional
+
+#IPADDRS="192.0.2.3/24 2001:DB8::aede:48ff:fe71:f6f2/32"
+
+#ROUTES="192.0.2.0/24 2001:DB8::/32"
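Review bot: `CONFIG` is built from `$MANDOSNETHOOKDIR` without checking that the variable is set, and the file is then sourced with `.`, so with the variable empty the hook would execute `/bridge.conf` as shell code with whatever privileges the hook runs under. A guard before the assignment, such as `[ -n "$MANDOSNETHOOKDIR" ] || exit 0`, keeps the lookup inside the hooks directory. The header comment should also say that bridge.conf is executed rather than parsed, so it must be writable only by root. Separately, in `stop)` the `set -e` at the top aborts teardown at the first failing command (for example `ip link set down "$BRIDGE"` when the bridge was never created), so the later `brctl delif`/`brctl delbr` calls are skipped; writing the teardown commands as `ip link set down "$BRIDGE" || :` lets cleanup continue.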