diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli00setup mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli00setup
--- smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli00setup	1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli00setup	2008-08-26 22:29:42.000000000 +0200
@@ -0,0 +1,20 @@
+{
+
+# Compute the first IP of the network
+our $net = ${'chilli'}{'net'} || '10.1.0.0/255.255.255.0';
+my @netaddr = split(/\//,$net);
+my $netaddr = $netaddr[0];
+my @nums = split(/\./,$netaddr);
+my $i = 0;
+our $chillip = '';
+foreach (@nums){
+    $chillip .= $_."." if ($i ne '3');
+    $chillip .= "1" if ($i eq '3');
+    $i++;
+}
+
+our $tundev = ${'chilli'}{'tundev'} || 'tun0';
+our $chilliport = ${'chilli'}{'TCPPort'} || '3990';
+
+$OUT .= '';
+}
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli10stop mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli10stop
--- smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli10stop	1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli10stop	2008-08-26 22:29:42.000000000 +0200
@@ -0,0 +1,43 @@
+{
+$OUT .=<<"HERE";
+
+# This will flush any existing rules for coova-chilli
+stopChilli()\{
+    CHAIN='IN_FROM_CHILLI'
+    STATE=\$(/sbin/iptables -L -n | grep -c \$CHAIN)
+    if [ \$STATE -ge 1 ]; then
+        /sbin/iptables -D INPUT -i $tundev -j \$CHAIN
+        /sbin/iptables -F \$CHAIN
+        /sbin/iptables -X \$CHAIN
+    fi
+    CHAIN='OUT_TO_CHILLI'
+    STATE=\$(/sbin/iptables -L -n | grep -c \$CHAIN)
+    if [ \$STATE -ge 1 ]; then
+        /sbin/iptables -D OUTPUT -o $tundev -j \$CHAIN
+        /sbin/iptables -F \$CHAIN
+        /sbin/iptables -X \$CHAIN
+    fi
+    CHAIN='FORWARD_FROM_CHILLI'
+    STATE=\$(/sbin/iptables -L -n | grep -c \$CHAIN)
+    if [ \$STATE -ge 1 ]; then
+        /sbin/iptables -D FORWARD -i $tundev -j \$CHAIN
+        /sbin/iptables -F \$CHAIN
+        /sbin/iptables -X \$CHAIN
+    fi
+    CHAIN='FORWARD_TO_CHILLI'
+    STATE=\$(/sbin/iptables -L -n | grep -c \$CHAIN)
+    if [ \$STATE -ge 1 ]; then
+        /sbin/iptables -D FORWARD -o $tundev -j \$CHAIN
+        /sbin/iptables -F \$CHAIN
+        /sbin/iptables -X \$CHAIN
+    fi
+    CHAIN='PREROUTING_FROM_CHILLI'
+    STATE=\$(/sbin/iptables -t nat -L -n | grep -c \$CHAIN)
+    if [ \$STATE -ge 1 ]; then
+        /sbin/iptables -D PREROUTING -t nat -i $tundev -j \$CHAIN
+        /sbin/iptables -t nat -F \$CHAIN
+        /sbin/iptables -t nat -X \$CHAIN
+    fi
+\}
+HERE
+}
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli20input mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli20input
--- smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli20input	1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli20input	2008-08-26 22:29:42.000000000 +0200
@@ -0,0 +1,46 @@
+{
+
+$OUT .=<<"HERE";
+
+# Input (from the wireless client to the server)
+inFromChilli()\{
+    /sbin/iptables -N IN_FROM_CHILLI
+    /sbin/iptables -A IN_FROM_CHILLI -j state_chk
+    # DHCP requests are allowed
+    /sbin/iptables -A IN_FROM_CHILLI -p udp --dport 67:68 --sport 67:68 -s 0.0.0.0 -d 255.255.255.255 -j ACCEPT
+    /sbin/iptables -A IN_FROM_CHILLI -s ! $net -j denylog
+    # Allow wireless clients to ping the server
+    /sbin/iptables -A IN_FROM_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
+    # Mandatory services for chilli (https, coova-chill)
+#    /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport ${'httpd-e-smith'}{'TCPPort'} --syn -j ACCEPT
+    /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport ${'modSSL'}{'TCPPort'} --syn -j ACCEPT
+    /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport $chilliport --syn -j ACCEPT
+HERE
+
+foreach (split(/[;,]/, ${'chilli'}{'AllowedServices'} || '')){
+        my $service = $_;
+	next if ((${"$service"}{'status'} || 'disabled') ne 'enabled');
+        my @tcpports = split(/[;,]/, (${"$service"}{'TCPPort'} || '').",".(${"$service"}{'TCPPorts'} || ''));
+        my @udpports = split(/[;,]/, (${"$service"}{'UDPPort'} || '').",".(${"$service"}{'UDPPorts'} || ''));
+        if (@tcpports > 0){
+                foreach(@tcpports){
+                        $OUT .= "    # Acces to $service is allowed:\n" .
+                                "    /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport $_ --syn -j ACCEPT\n" if ($_ ne '');
+                }
+        }
+        if (@udpports > 0){
+                foreach(@udpports){
+                        $OUT .= "    # Acces to $service is allowed:\n" .
+                                "    /sbin/iptables -A IN_FROM_CHILLI -p udp --dport $_ -j ACCEPT\n" if ($_ ne '');
+                }
+        }
+	# Special case for pptp, which uses GRE proto
+	if ($service eq 'pptpd'){
+		$OUT .= "    /sbin/iptables -A IN_FROM_CHILLI -p 47 -j gre-in\n";
+		$OUT .= "    /sbin/iptables -I gre-in -s $net -j ACCEPT\n";
+	}	
+}
+
+$OUT .= "    /sbin/iptables -A IN_FROM_CHILLI -j denylog\n\}\n";
+
+}
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli30output mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli30output
--- smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli30output	1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli30output	2008-08-26 22:29:42.000000000 +0200
@@ -0,0 +1,14 @@
+{
+
+$OUT .=<<"HERE";
+
+# Output (from the server to the wireless clients)
+outToChilli()\{
+    /sbin/iptables -N OUT_TO_CHILLI
+    /sbin/iptables -A OUT_TO_CHILLI -j state_chk
+    /sbin/iptables -A OUT_TO_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
+    /sbin/iptables -A OUT_TO_CHILLI -j denylog
+\}
+HERE
+
+}
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom
--- smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom	1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom	2008-08-26 22:29:42.000000000 +0200
@@ -0,0 +1,45 @@
+{
+
+$OUT .=<<"HERE";
+
+# Forward from chilli (from the wireless clients to the internet)
+forwardFromChilli()\{
+    /sbin/iptables -N FORWARD_FROM_CHILLI
+    /sbin/iptables -A FORWARD_FROM_CHILLI -j state_chk
+    /sbin/iptables -A FORWARD_FROM_CHILLI -s ! $net -j denylog
+    /sbin/iptables -A FORWARD_FROM_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
+HERE
+
+# Allow services specidied in AllowedOutgoing
+
+foreach (split(/[;,]/, ${'chilli'}{'AllowedOutgoing'} || '')){
+        my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])};
+        my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)|any|ANY|\*};
+        my $RePort = qr/\d{1,4}|[0-6]\d{4}|any|ANY|\*/;
+	# Check the rules has the form proto:remote_host:remote_port
+        next unless /^(tcp|TCP|udp|UDP):${ReIpAddr}:${RePort}$/;
+        my @params = split(/:/, $_);
+        my $proto = $params[0];
+        my $host = $params[1];
+        my $dport = $params[2];
+        $OUT .= "    # $_ is allowed:\n";
+        $OUT .= "    /sbin/iptables -A FORWARD_FROM_CHILLI ";
+        $OUT .= "-p $proto ";
+        $OUT .= "-d $host " if ($host !~ /(any|\*)/i);
+        $OUT .= "--dport $dport " if ($dport !~ /(any|\*)/i);
+        $OUT .= "--syn " if ($proto =~ /tcp/i);
+        $OUT .= "-j ACCEPT\n"
+}
+
+# Allow the two dns servers specified
+$OUT .= "    # Allow dns requests to ${'chilli'}{'dns1'}\n" .
+	"    /sbin/iptables -A FORWARD_FROM_CHILLI -p udp --dport 53 -d ${'chilli'}{'dns1'} -j ACCEPT\n" 
+	if ((${'chilli'}{'dns1'} || '') ne '');
+
+$OUT .= "    # Allow dns requests to ${'chilli'}{'dns2'}\n" .
+	"    /sbin/iptables -A FORWARD_FROM_CHILLI -p udp --dport 53 -d ${'chilli'}{'dns2'} -j ACCEPT\n" 
+        if ((${'chilli'}{'dns2'} || '') ne '');
+
+$OUT .= "    /sbin/iptables -A FORWARD_FROM_CHILLI -j denylog\n\}\n";
+
+}
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli45forwardTo mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli45forwardTo
--- smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli45forwardTo	1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli45forwardTo	2008-08-26 22:29:42.000000000 +0200
@@ -0,0 +1,14 @@
+{
+
+$OUT .=<<"HERE";
+
+# Forward to (from the local network or the internet to the wireless clients)
+forwardToChilli()\{
+    /sbin/iptables -N FORWARD_TO_CHILLI
+    /sbin/iptables -A FORWARD_TO_CHILLI -j state_chk
+    /sbin/iptables -A FORWARD_TO_CHILLI -p icmp --icmp-type destination-unreachable -j ACCEPT
+    /sbin/iptables -A FORWARD_TO_CHILLI -j denylog
+\}
+HERE
+
+}
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli50prerouting mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli50prerouting
--- smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli50prerouting	1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli50prerouting	2008-08-26 22:29:42.000000000 +0200
@@ -0,0 +1,24 @@
+{
+
+$OUT .=<<"HERE";
+
+# Prerouting from chilli (before the server routes paquets from wireless clients)
+preroutingFromChilli()\{
+    /sbin/iptables -N PREROUTING_FROM_CHILLI -t nat
+    /sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $LocalIP -j DNAT --to $chillip
+HERE
+
+$OUT .="    /sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $ExternalIP -j DNAT --to $chillip\n" if $ExternalIP;
+
+# Redirect also addresses specified in RedirectToChilli
+
+foreach my $ip (split(/[;,]/,(${'chilli'}{'RedirectToChilli'} || ''))){
+	my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])};
+        my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)};
+        # Check the $ip is a valid ip address
+        next unless $ip =~ /^${ReIpAddr}$/;
+	$OUT .="    /sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $ip -j DNAT --to $chillip\n";
+}
+$OUT .= "\}\n";
+
+}
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli60start mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli60start
--- smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli60start	1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli60start	2008-08-26 22:29:42.000000000 +0200
@@ -0,0 +1,20 @@
+{
+
+$OUT .=<<"HERE";
+
+# Send the paquets from and to chilli to the correct chains
+startChilli()\{
+    inFromChilli
+    outToChilli
+    preroutingFromChilli
+    forwardFromChilli
+    forwardToChilli
+    /sbin/iptables -I INPUT -i $tundev -j IN_FROM_CHILLI
+    /sbin/iptables -I OUTPUT -o $tundev -j OUT_TO_CHILLI
+    /sbin/iptables -I FORWARD -o $tundev -j FORWARD_TO_CHILLI
+    /sbin/iptables -I FORWARD -i $tundev -j FORWARD_FROM_CHILLI
+    /sbin/iptables -I PREROUTING -t nat -i $tundev -j PREROUTING_FROM_CHILLI
+\}
+HERE
+
+}
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/60ChilliRules mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/60ChilliRules
--- smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/60ChilliRules	2008-08-26 22:33:38.000000000 +0200
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/60ChilliRules	1970-01-01 01:00:00.000000000 +0100
@@ -1,77 +0,0 @@
-{
-# Compute the first IP of the network
-my $net = $chilli{'net'} || '10.1.0.0/255.255.255.0';
-my @netaddr = split(/\//,$net);
-my $netaddr = $netaddr[0];
-my @nums = split(/\./,$netaddr);
-my $i = 0;
-my $chillip = '';
-foreach (@nums){
-    $chillip .= $_."." if ($i ne '3');
-    $chillip .= "1" if ($i eq '3');
-    $i++;
-}
-
-my $tundev = $chilli{'tundev'} || 'tun0';
-my $chilliport = $chilli{'TCPPort'} || '3990';
-
-if ($chilli{'status'} eq 'enabled'){
-$OUT =<<END;
-
-    ### START OF RULES FOR THE HOTSPOT ###
-
-    # IN_FROM_CHILLI
-    /sbin/iptables -N IN_FROM_CHILLI
-    /sbin/iptables -A IN_FROM_CHILLI -j state_chk
-    /sbin/iptables -A IN_FROM_CHILLI -p udp --dport 67:68 --sport 67:68 -s 0.0.0.0 -d 255.255.255.255 -j ACCEPT
-    /sbin/iptables -A IN_FROM_CHILLI -s ! $net -j denylog
-    /sbin/iptables -A IN_FROM_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
-    /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport ${'httpd-e-smith'}{'TCPPort'} --syn -j ACCEPT
-    /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport $modSSL{'TCPPort'} --syn -j ACCEPT
-    /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport $chilliport --syn -j ACCEPT
-    /sbin/iptables -A IN_FROM_CHILLI -j denylog
-
-    # OUT_TO_CHILLI
-    /sbin/iptables -N OUT_TO_CHILLI
-    /sbin/iptables -A OUT_TO_CHILLI -j state_chk
-    /sbin/iptables -A OUT_TO_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
-    /sbin/iptables -A OUT_TO_CHILLI -j denylog
-
-
-    # FORWARD_FROM_CHILLI
-    /sbin/iptables -N FORWARD_FROM_CHILLI
-    /sbin/iptables -A FORWARD_FROM_CHILLI -j state_chk
-    /sbin/iptables -A FORWARD_FROM_CHILLI -s ! $net -j denylog
-    /sbin/iptables -A FORWARD_FROM_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
-    /sbin/iptables -A FORWARD_FROM_CHILLI -p udp --dport 53 -j ACCEPT
-    /sbin/iptables -A FORWARD_FROM_CHILLI -p tcp --dport 443 --syn -j ACCEPT
-    /sbin/iptables -A FORWARD_FROM_CHILLI -p tcp --dport 21 --syn -j ACCEPT
-    /sbin/iptables -A FORWARD_FROM_CHILLI -j denylog
-
-
-    # FORWARD_TO_CHILLI
-    /sbin/iptables -N FORWARD_TO_CHILLI
-    /sbin/iptables -A FORWARD_TO_CHILLI -j state_chk
-    /sbin/iptables -A FORWARD_FROM_CHILLI -p icmp --icmp-type destination-unreachable -j ACCEPT
-    /sbin/iptables -A FORWARD_TO_CHILLI -j denylog
-
-
-    # PREROUTING_FROM_CHILLI
-    /sbin/iptables -N PREROUTING_FROM_CHILLI -t nat
-    /sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $LocalIP -j DNAT --to $chillip
-    /sbin/iptables -A PREROUTING_FROM_CHILLI -t nat -d $ExternalIP -j DNAT --to $chillip
-
-    # Send the traffic from and to chilli in the correct chains
-    /sbin/iptables -I INPUT -i $tundev -j IN_FROM_CHILLI
-    /sbin/iptables -I OUTPUT -o $tundev -j OUT_TO_CHILLI
-    /sbin/iptables -I FORWARD -o $tundev -j FORWARD_TO_CHILLI
-    /sbin/iptables -I FORWARD -i $tundev -j FORWARD_FROM_CHILLI
-
-    /sbin/iptables -I PREROUTING -t nat -i $tundev -j PREROUTING_FROM_CHILLI
-
-    ### END OF RULES FOR THE HOTSPOT ###
-
-END
-}
-}
-
diff -Nur -x '*.orig' -x '*.rej' smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91restartChilli mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91restartChilli
--- smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91restartChilli	1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-coova-chilli-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/91restartChilli	2008-08-26 22:29:42.000000000 +0200
@@ -0,0 +1,11 @@
+
+    # First, remove hotspot rules
+    stopChilli
+
+    # Then, insert it if chilli is enabled
+    status=$(/sbin/e-smith/config getprop chilli status)
+    if [ $status = "enabled" ]
+    then
+        startChilli
+    fi
+