diff -Nur -x '*.orig' -x '*.rej' smeserver-openvpn-s2s-0.1/createlinks mezzanine_patched_smeserver-openvpn-s2s-0.1/createlinks
--- smeserver-openvpn-s2s-0.1/createlinks	2010-10-17 01:03:57.000000000 +0200
+++ mezzanine_patched_smeserver-openvpn-s2s-0.1/createlinks	2010-10-17 01:03:29.000000000 +0200
@@ -3,6 +3,7 @@
 use esmith::Build::CreateLinks qw(:all);
 
 safe_symlink("restart", "root/etc/e-smith/events/openvpn-s2s-update/services2adjust/openvpn-s2s");
+safe_symlink("adjust", "root/etc/e-smith/events/openvpn-s2s-update/services2adjust/masq");
 
 service_link_enhanced("openvpn-s2s", "S80", "7");
 service_link_enhanced("openvpn-s2s", "K25", "6");
@@ -12,5 +13,7 @@
 event_link("openvpn-s2s-genconf", "openvpn-s2s-update", "20");
 event_link("openvpn-s2s-genconf", "bootstrap-console-save", "80");
 
+templates2events("/etc/rc.d/init.d/masq", qw/openvpn-s2s-update/);
+
 panel_link("openvpns2s", 'manager');
 
diff -Nur -x '*.orig' -x '*.rej' smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90local_chk49vpn_networks mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90local_chk49vpn_networks
--- smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90local_chk49vpn_networks	1970-01-01 01:00:00.000000000 +0100
+++ mezzanine_patched_smeserver-openvpn-s2s-0.1/root/etc/e-smith/templates/etc/rc.d/init.d/masq/90local_chk49vpn_networks	2010-10-17 01:01:38.000000000 +0200
@@ -0,0 +1,10 @@
+{
+my $ovpndb = esmith::ConfigDB->open_ro('openvpn-s2s');
+
+foreach my $vpn ($ovpndb->get_all_by_prop(type=>('client')),
+                 $ovpndb->get_all_by_prop(type=>('server'))){
+    $OUT .= "/sbin/iptables -A \$NEW_local_chk --in-interface tun" . $vpn->key .
+            " -j DROP\n" if (($vpn->prop('AllowInbound') || 'yes') eq 'no');
+}
+
+