--- smeserver-coova-chilli-0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom.drop_forward_not_to_ext_if	2010-10-20 19:30:12.000000000 +0200
+++ smeserver-coova-chilli-0.2/root/etc/e-smith/templates/etc/rc.d/init.d/masq/00Functions01Chilli40forwardFrom	2010-10-20 19:30:50.000000000 +0200
@@ -7,6 +7,7 @@
     /sbin/iptables -N FORWARD_FROM_CHILLI
     /sbin/iptables -A FORWARD_FROM_CHILLI -j state_chk
     /sbin/iptables -A FORWARD_FROM_CHILLI -s ! $net -j denylog
+    /sbin/iptables -A FORWARD_FROM_CHILLI -o ! \$OUTERIF -j denylog
     /sbin/iptables -A FORWARD_FROM_CHILLI -p icmp --icmp-type echo-request -j ACCEPT
     # Allow http for un-authenticated clients so uamallowed works
     # Https need to be allowed in AllowedOutgoing