{

# Emit the opening of the inFromChilli shell function, which creates the
# IN_FROM_CHILLI chain for traffic from wireless clients to the server.
# Rule order matters: the DHCP exemption (source 0.0.0.0) is emitted before
# the rule that sends every source outside $net to denylog.
# state_chk and denylog are chains defined elsewhere.
# The httpd-e-smith rule is written to the script commented out, but its port
# is still interpolated into that comment line.
my $https_port = ${'modSSL'}{'TCPPort'};
my $http_port  = ${'httpd-e-smith'}{'TCPPort'};
my $rule       = '    /sbin/iptables -A IN_FROM_CHILLI';

$OUT .= join("\n",
    '',
    '# Input (from the wireless client to the server)',
    "inFromChilli()\{",
    '    /sbin/iptables -N IN_FROM_CHILLI',
    "$rule -j state_chk",
    '    # DHCP requests are allowed',
    "$rule -p udp --dport 67:68 --sport 67:68 -s 0.0.0.0 -d 255.255.255.255 -j ACCEPT",
    "$rule ! -s $net -j denylog",
    '    # Allow wireless clients to ping the server',
    "$rule -p icmp --icmp-type echo-request -j ACCEPT",
    '    # Mandatory services for chilli (https, coova-chill)',
    "#    /sbin/iptables -A IN_FROM_CHILLI -p tcp --dport $http_port --syn -j ACCEPT",
    "$rule -p tcp --dport $https_port --syn -j ACCEPT",
    "$rule -p tcp --dport $chilliport --syn -j ACCEPT",
    '',
);

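# Open the extra services named in the chilli AllowedServices property
# (names separated by ';' or ','). For each service whose status is
# 'enabled', one ACCEPT rule is emitted per TCP and UDP port found in its
# TCPPort/TCPPorts and UDPPort/UDPPorts properties.
#
# Every value used here is written into a generated shell script, and the
# service name also selects a package hash through a symbolic reference.
# Names and port tokens are therefore checked against a conservative
# character set first; anything else is skipped (fail closed) with a warning
# instead of being written into the script.
foreach my $service (split(/[;,]/, ${'chilli'}{'AllowedServices'} || '')){
    next if ($service eq '');
    if ($service !~ /\A[A-Za-z0-9][A-Za-z0-9._-]*\z/){
        warn "IN_FROM_CHILLI: ignoring malformed entry in chilli AllowedServices\n";
        next;
    }
    next if ((${"$service"}{'status'} || 'disabled') ne 'enabled');

    # Protocol, single-port property, multi-port property, extra match options.
    # TCP rules only match connection-opening packets (--syn).
    foreach my $spec (['tcp', 'TCPPort', 'TCPPorts', ' --syn'],
                      ['udp', 'UDPPort', 'UDPPorts', '']){
        my ($proto, $single, $multi, $extra) = @$spec;
        my $raw = (${"$service"}{$single} || '') . "," . (${"$service"}{$multi} || '');

        foreach my $port (split(/[;,]/, $raw)){
            # Tolerate "80, 443" style lists.
            $port =~ s/\A\s+//;
            $port =~ s/\s+\z//;
            next if ($port eq '');

            # Letters, digits, '_', '-' and ':' only, and never a leading '-':
            # no whitespace, option-like tokens or shell metacharacters.
            if ($port !~ /\A[A-Za-z0-9:][A-Za-z0-9:_-]*\z/){
                warn "IN_FROM_CHILLI: ignoring malformed $proto port value for service $service\n";
                next;
            }

            $OUT .= "    # Acces to $service is allowed:\n" .
                    "    /sbin/iptables -A IN_FROM_CHILLI -p $proto --dport $port$extra -j ACCEPT\n";
        }
    }

    # Special case for pptp, which uses GRE proto
    if ($service eq 'pptpd'){
        $OUT .= "    /sbin/iptables -A IN_FROM_CHILLI -p 47 -j gre-in\n";
        $OUT .= "    /sbin/iptables -I gre-in -s $net -j ACCEPT\n";
    }
}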

# Final rule: whatever was not accepted above is handed to the denylog chain
# (defined elsewhere). The escaped brace then closes the shell function.
$OUT .= join("\n",
    "    /sbin/iptables -A IN_FROM_CHILLI -j denylog",
    "\}",
    '',
);

}
