--- smeserver-coova-chilli-0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom.allow_uamallowed 2008-09-02 13:28:02.000000000 +0200 +++ smeserver-coova-chilli-0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom 2009-03-13 09:11:24.000000000 +0100 @@ -14,12 +14,12 @@ HERE -# Allow services specidied in AllowedOutgoing +my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])}; +my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)|any|ANY|\*}; +my $RePort = qr/\d{1,4}|[0-6]\d{4}|any|ANY|\*/; +# Allow services specidied in AllowedOutgoing foreach (split(/[;,]/, ${'chilli'}{'AllowedOutgoing'} || '')){ - my $ReIpNum = qr{([01]?\d\d?|2[0-4]\d|25[0-5])}; - my $ReIpAddr = qr{($ReIpNum\.$ReIpNum\.$ReIpNum\.$ReIpNum)|any|ANY|\*}; - my $RePort = qr/\d{1,4}|[0-6]\d{4}|any|ANY|\*/; # Check the rules has the form proto:remote_host:remote_port next unless /^(tcp|TCP|udp|UDP):${ReIpAddr}:${RePort}$/; my @params = split(/:/, $_); @@ -35,6 +35,22 @@ $OUT .= "-j ACCEPT\n" } +foreach (split(/[;,]/, ${'chilli'}{'uamallowed'} || '')){ + # Check the rules has the form proto:remote_host:remote_port + # Or host:port or protocol:host + next unless /^((tcp|TCP|udp|UDP):)?((${ReIpAddr})|((\w+\.)?\w+\.\w{2,3}))(:${RePort})?$/; + my $proto = $1; + my $host = $2; + my $dport = $3; + $OUT .= " # $_ is allowed:\n"; + $OUT .= " /sbin/iptables -A FORWARD_FROM_CHILLI "; + $OUT .= "-p $proto " if (($proto) && ($proto ne '')); + $OUT .= "-d $host "; + $OUT .= "--dport $dport " if (($dport) && ($dport ne '')); + $OUT .= "--syn " if ($proto =~ /tcp/i); + $OUT .= "-j ACCEPT\n" +} + # Allow the two dns servers specified $OUT .= " # Allow dns requests to ${'chilli'}{'dns1'}\n" . " /sbin/iptables -A FORWARD_FROM_CHILLI -p udp --dport 53 -d ${'chilli'}{'dns1'} -j ACCEPT\n"
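Review bot: `$RePort`, now hoisted to file scope and shared by both loops, still accepts 65536–69999 (`[0-6]\d{4}`), so an entry such as `tcp:1.2.3.4:69999` passes validation and then makes the generated `/sbin/iptables --dport` call fail at rule-load time; tightening it to `my $RePort = qr/\d{1,4}|[0-5]\d{4}|6[0-4]\d{3}|65[0-4]\d\d|655[0-2]\d|6553[0-5]|any|ANY|\*/;` keeps the same shape and rejects out-of-range ports. The moved comment also carries a typo: `# Allow services specified in AllowedOutgoing`. The rest of this loop body continues past the hunk.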
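Review bot: The `my $proto = $1; my $host = $2; my $dport = $3;` lines read the wrong capture groups: in the `next unless` pattern `$1` is the outer `((tcp|TCP|udp|UDP):)` group including its colon, `$2` is the bare protocol, `$3` is the host, and the port group sits far later because `$ReIpAddr`/`$ReIpNum` add nested capturing groups, so a rule like `tcp:1.2.3.4:80` emits `-p tcp: -d tcp --dport 1.2.3.4` and a `host:port` rule emits `-d ` with no host at all. Since the entry has already been validated, the safest way to get the fields is to split on `:` as the AllowedOutgoing loop above does and peel off an optional leading protocol, as sketched below. Separately, a `host:port` entry (no protocol) produces `--dport` without `-p tcp`/`-p udp`, which iptables rejects as an unknown option, so that form should either require the protocol or be documented as unsupported.
```perl
foreach (split(/[;,]/, ${'chilli'}{'uamallowed'} || '')){
    # … unchanged: format comments and the `next unless` validation …
    # Do not trust $1/$2/$3 here: the nested groups in $ReIpAddr shift the
    # capture numbers.  The entry is already validated, so split it instead.
    my @fields = split(/:/, $_);
    my $proto  = ($fields[0] =~ /^(?:tcp|udp)$/i) ? shift @fields : '';
    my ($host, $dport) = @fields;
    # … unchanged: $OUT .= lines building the iptables rule …
}
```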