diff --git a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/100-mcast-chain b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/100-mcast-chain
index 93382f3..ec0013a 100644
--- a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/100-mcast-chain
+++ b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/100-mcast-chain
@@ -1 +1 @@
-chain MULTICAST_OUT DROP
+chain('MULTICAST_OUT', 'DROP')
diff --git a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-arp b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-arp
index fdb20b1..1083966 100644
--- a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-arp
+++ b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-arp
@@ -1 +1 @@
-rule MULTICAST_OUT -p ARP -j RETURN
+rule 'MULTICAST_OUT -p ARP -j RETURN'
diff --git a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-babel b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-babel
index 096ae50..d5b8177 100644
--- a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-babel
+++ b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-babel
@@ -1 +1 @@
-rule MULTICAST_OUT -p IPv6 --ip6-protocol udp --ip6-destination-port 6696 -j RETURN
+rule 'MULTICAST_OUT -p IPv6 --ip6-protocol udp --ip6-destination-port 6696 -j RETURN'
diff --git a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-btlpd b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-btlpd
index 9776157..20b709f 100644
--- a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-btlpd
+++ b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-btlpd
@@ -1 +1 @@
-rule MULTICAST_OUT -p IPv4 --ip-destination 239.192.152.143 --ip-protocol udp --ip-destination-port 6771 -j RETURN
+rule 'MULTICAST_OUT -p IPv4 --ip-destination 239.192.152.143 --ip-protocol udp --ip-destination-port 6771 -j RETURN'
diff --git a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-dhcpv4 b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-dhcpv4
index 440107a..2fca222 100644
--- a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-dhcpv4
+++ b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-dhcpv4
@@ -1 +1 @@
-rule MULTICAST_OUT -p IPv4 --ip-protocol udp --ip-destination-port 67 -j RETURN
+rule 'MULTICAST_OUT -p IPv4 --ip-protocol udp --ip-destination-port 67 -j RETURN'
diff --git a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-dhcpv6 b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-dhcpv6
index 1b523ec..d156de4 100644
--- a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-dhcpv6
+++ b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-dhcpv6
@@ -1 +1 @@
-rule MULTICAST_OUT -p IPv6 --ip6-protocol udp --ip6-destination-port 546 -j RETURN
+rule 'MULTICAST_OUT -p IPv6 --ip6-protocol udp --ip6-destination-port 546 -j RETURN'
diff --git a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-icmp b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-icmp
index e52e5c7..25a95f3 100644
--- a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-icmp
+++ b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-icmp
@@ -1 +1 @@
-rule MULTICAST_OUT -p IPv4 --ip-protocol icmp -j RETURN
+rule 'MULTICAST_OUT -p IPv4 --ip-protocol icmp -j RETURN'
diff --git a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-icmpv6 b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-icmpv6
index 7c50ff5..b670ff4 100644
--- a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-icmpv6
+++ b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-icmpv6
@@ -1 +1 @@
-rule MULTICAST_OUT -p IPv6 --ip6-protocol ipv6-icmp -j RETURN
+rule 'MULTICAST_OUT -p IPv6 --ip6-protocol ipv6-icmp -j RETURN'
diff --git a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-igmp b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-igmp
index 521af56..2d3814a 100644
--- a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-igmp
+++ b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-igmp
@@ -1 +1 @@
-rule MULTICAST_OUT -p IPv4 --ip-protocol igmp -j RETURN
+rule 'MULTICAST_OUT -p IPv4 --ip-protocol igmp -j RETURN'
diff --git a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-ospf b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-ospf
index 6e54075..da928d4 100644
--- a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-ospf
+++ b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/110-mcast-allow-ospf
@@ -1,2 +1,2 @@
-rule MULTICAST_OUT -p IPv4 --ip-protocol ospf -j RETURN
-rule MULTICAST_OUT -p IPv6 --ip6-protocol ospf -j RETURN
+rule 'MULTICAST_OUT -p IPv4 --ip-protocol ospf -j RETURN'
+rule 'MULTICAST_OUT -p IPv6 --ip6-protocol ospf -j RETURN'
diff --git a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/300-mcast b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/300-mcast
index afbc805..c52f122 100644
--- a/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/300-mcast
+++ b/gluon/gluon-ebtables-filter-multicast/files/lib/gluon/ebtables/300-mcast
@@ -1,2 +1,2 @@
-rule FORWARD --logical-out br-client -o bat0 -d Multicast -j MULTICAST_OUT
-rule OUTPUT --logical-out br-client -o bat0 -d Multicast -j MULTICAST_OUT
+rule 'FORWARD --logical-out br-client -o bat0 -d Multicast -j MULTICAST_OUT'
+rule 'OUTPUT --logical-out br-client -o bat0 -d Multicast -j MULTICAST_OUT'
diff --git a/gluon/gluon-ebtables-filter-ra-dhcp/files/lib/gluon/ebtables/200-dir-dhcpv4 b/gluon/gluon-ebtables-filter-ra-dhcp/files/lib/gluon/ebtables/200-dir-dhcpv4
index 8771ee1..ec56ff1 100644
--- a/gluon/gluon-ebtables-filter-ra-dhcp/files/lib/gluon/ebtables/200-dir-dhcpv4
+++ b/gluon/gluon-ebtables-filter-ra-dhcp/files/lib/gluon/ebtables/200-dir-dhcpv4
@@ -1,5 +1,5 @@
-rule FORWARD -p IPv4 --ip-protocol udp --ip-destination-port 67 -j OUT_ONLY
-rule OUTPUT -p IPv4 --ip-protocol udp --ip-destination-port 67 -j OUT_ONLY
+rule 'FORWARD -p IPv4 --ip-protocol udp --ip-destination-port 67 -j OUT_ONLY'
+rule 'OUTPUT -p IPv4 --ip-protocol udp --ip-destination-port 67 -j OUT_ONLY'

-rule FORWARD -p IPv4 --ip-protocol udp --ip-destination-port 68 -j IN_ONLY
-rule INPUT -p IPv4 --ip-protocol udp --ip-destination-port 68 -j IN_ONLY
+rule 'FORWARD -p IPv4 --ip-protocol udp --ip-destination-port 68 -j IN_ONLY'
+rule 'INPUT -p IPv4 --ip-protocol udp --ip-destination-port 68 -j IN_ONLY'
diff --git a/gluon/gluon-ebtables-filter-ra-dhcp/files/lib/gluon/ebtables/200-dir-dhcpv6 b/gluon/gluon-ebtables-filter-ra-dhcp/files/lib/gluon/ebtables/200-dir-dhcpv6
index 234e54e..d433cdd 100644
--- a/gluon/gluon-ebtables-filter-ra-dhcp/files/lib/gluon/ebtables/200-dir-dhcpv6
+++ b/gluon/gluon-ebtables-filter-ra-dhcp/files/lib/gluon/ebtables/200-dir-dhcpv6
@@ -1,5 +1,5 @@
-rule FORWARD -p IPv6 --ip6-protocol udp --ip6-destination-port 546 -j OUT_ONLY
-rule OUTPUT -p IPv6 --ip6-protocol udp --ip6-destination-port 546 -j OUT_ONLY
+rule 'FORWARD -p IPv6 --ip6-protocol udp --ip6-destination-port 546 -j OUT_ONLY'
+rule 'OUTPUT -p IPv6 --ip6-protocol udp --ip6-destination-port 546 -j OUT_ONLY'

-rule FORWARD -p IPv6 --ip6-protocol udp --ip6-destination-port 547 -j IN_ONLY
-rule INPUT -p IPv6 --ip6-protocol udp --ip6-destination-port 547 -j IN_ONLY
+rule 'FORWARD -p IPv6 --ip6-protocol udp --ip6-destination-port 547 -j IN_ONLY'
+rule 'INPUT -p IPv6 --ip6-protocol udp --ip6-destination-port 547 -j IN_ONLY'
diff --git a/gluon/gluon-ebtables-filter-ra-dhcp/files/lib/gluon/ebtables/200-dir-radv b/gluon/gluon-ebtables-filter-ra-dhcp/files/lib/gluon/ebtables/200-dir-radv
index c725703..b34d4c7 100644
--- a/gluon/gluon-ebtables-filter-ra-dhcp/files/lib/gluon/ebtables/200-dir-radv
+++ b/gluon/gluon-ebtables-filter-ra-dhcp/files/lib/gluon/ebtables/200-dir-radv
@@ -1,5 +1,5 @@
-rule FORWARD -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type router-solicitation -j OUT_ONLY
-rule OUTPUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type router-solicitation -j OUT_ONLY
+rule 'FORWARD -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type router-solicitation -j OUT_ONLY'
+rule 'OUTPUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type router-solicitation -j OUT_ONLY'

-rule FORWARD -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type router-advertisement -j IN_ONLY
-rule INPUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type router-advertisement -j IN_ONLY
+rule 'FORWARD -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type router-advertisement -j IN_ONLY'
+rule 'INPUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type router-advertisement -j IN_ONLY'
diff --git a/gluon/gluon-ebtables/files/etc/init.d/gluon-ebtables b/gluon/gluon-ebtables/files/etc/init.d/gluon-ebtables
index cbc3d6a..5a77045 100755
--- a/gluon/gluon-ebtables/files/etc/init.d/gluon-ebtables
+++ b/gluon/gluon-ebtables/files/etc/init.d/gluon-ebtables @@ -23,15 +23,14 @@ STOP=91 exec_file() { local file="$1" - sh -c " - eval 'rule() { - $EBTABLES_RULE - }' - eval 'chain() { - $EBTABLES_CHAIN - }' - source \"$1\" - " - "$file" + /usr/bin/lua -e " + function rule(command) + os.execute($EBTABLES_RULE) + end + function chain(name, policy) + os.execute($EBTABLES_CHAIN) + end + " "$file" } exec_all() { @@ -49,8 +48,8 @@ exec_all() { start() { ( - export EBTABLES_RULE='ebtables -A "$@"' - export EBTABLES_CHAIN='ebtables -N "$1" -P "$2"' + export EBTABLES_RULE='"ebtables -A " .. command' + export EBTABLES_CHAIN='"ebtables -N " .. name .. " -P " .. policy' if [ -z "$1" ]; then exec_all '' @@ -62,8 +61,8 @@ start() { stop() { ( - export EBTABLES_RULE='ebtables -D "$@"' - export EBTABLES_CHAIN='ebtables -X "$1"' + export EBTABLES_RULE='"ebtables -D " .. command' + export EBTABLES_CHAIN='"ebtables -X " .. name' if [ -z "$1" ]; then exec_all '-r' diff --git a/gluon/gluon-ebtables/files/lib/gluon/ebtables/100-dir-chain b/gluon/gluon-ebtables/files/lib/gluon/ebtables/100-dir-chain index 99908dc..31c19c5 100644 --- a/gluon/gluon-ebtables/files/lib/gluon/ebtables/100-dir-chain +++ b/gluon/gluon-ebtables/files/lib/gluon/ebtables/100-dir-chain @@ -1,2 +1,2 @@ -chain IN_ONLY RETURN -chain OUT_ONLY RETURN +chain('IN_ONLY', 'RETURN') +chain('OUT_ONLY', 'RETURN') diff --git a/gluon/gluon-ebtables/files/lib/gluon/ebtables/101-dir-rules b/gluon/gluon-ebtables/files/lib/gluon/ebtables/101-dir-rules index 6c8f44c..b1cd4e2 100644 --- a/gluon/gluon-ebtables/files/lib/gluon/ebtables/101-dir-rules +++ b/gluon/gluon-ebtables/files/lib/gluon/ebtables/101-dir-rules @@ -1,2 +1,2 @@ -rule IN_ONLY --logical-in br-client -i ! bat0 -j DROP -rule OUT_ONLY --logical-out br-client -o ! bat0 -j DROP +rule 'IN_ONLY --logical-in br-client -i ! bat0 -j DROP' +rule 'OUT_ONLY --logical-out br-client -o ! bat0 -j DROP' 
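Review bot: In exec_file, the new Lua `rule()` and `chain()` wrappers discard the result of `os.execute(...)`, and nothing visible in the hunk reports it, so a failing ebtables command would leave the bridge filter only partly loaded without any signal. For a packet filter that is a fail-open condition; check the status and at least log it, e.g. `local rc = os.execute($EBTABLES_RULE)` followed by `if rc ~= 0 then io.stderr:write('ebtables failed: ' .. command .. '\n') end` (this assumes the Lua 5.1 return convention; confirm the interpreter version on the target). The strings built in the start() and stop() hunks (`"ebtables -A " .. command`, `"ebtables -N " .. name .. " -P " .. policy`) also reach a shell as one unquoted command line, where the old code passed `"$@"` as separate words, so every rule file is now re-parsed by the shell. A comment above exec_file stating that rule files must hold only trusted text free of shell metacharacters would make that contract explicit. start() and stop() continue outside their hunks.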
diff --git a/gluon/gluon-next-node/generate/lib/gluon/ebtables/250-next-node b/gluon/gluon-next-node/generate/lib/gluon/ebtables/250-next-node
index 08b70da..7595df2 100644
--- a/gluon/gluon-next-node/generate/lib/gluon/ebtables/250-next-node
+++ b/gluon/gluon-next-node/generate/lib/gluon/ebtables/250-next-node
@@ -1,14 +1,14 @@
-rule FORWARD --logical-out br-client -o bat0 -d @next_node.mac@ -j DROP
-rule OUTPUT --logical-out br-client -o bat0 -d @next_node.mac@ -j DROP
-rule FORWARD --logical-out br-client -o bat0 -s @next_node.mac@ -j DROP
-rule OUTPUT --logical-out br-client -o bat0 -s @next_node.mac@ -j DROP
+rule 'FORWARD --logical-out br-client -o bat0 -d @next_node.mac@ -j DROP'
+rule 'OUTPUT --logical-out br-client -o bat0 -d @next_node.mac@ -j DROP'
+rule 'FORWARD --logical-out br-client -o bat0 -s @next_node.mac@ -j DROP'
+rule 'OUTPUT --logical-out br-client -o bat0 -s @next_node.mac@ -j DROP'

-rule FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-destination @next_node.ip4@ -j DROP
-rule OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-destination @next_node.ip4@ -j DROP
-rule FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-source @next_node.ip4@ -j DROP
-rule OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-source @next_node.ip4@ -j DROP
+rule 'FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-destination @next_node.ip4@ -j DROP'
+rule 'OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-destination @next_node.ip4@ -j DROP'
+rule 'FORWARD --logical-out br-client -o bat0 -p IPv4 --ip-source @next_node.ip4@ -j DROP'
+rule 'OUTPUT --logical-out br-client -o bat0 -p IPv4 --ip-source @next_node.ip4@ -j DROP'

-rule FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-destination @next_node.ip6@ -j DROP
-rule OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-destination @next_node.ip6@ -j DROP
-rule FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-source @next_node.ip6@ -j DROP
-rule OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-source @next_node.ip6@ -j DROP
+rule 'FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-destination @next_node.ip6@ -j DROP'
+rule 'OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-destination @next_node.ip6@ -j DROP'
+rule 'FORWARD --logical-out br-client -o bat0 -p IPv6 --ip6-source @next_node.ip6@ -j DROP'
+rule 'OUTPUT --logical-out br-client -o bat0 -p IPv6 --ip6-source @next_node.ip6@ -j DROP'
diff --git a/gluon/gluon-radvd/files/lib/gluon/ebtables/300-radv-input-output b/gluon/gluon-radvd/files/lib/gluon/ebtables/300-radv-input-output
index 379e486..377d11c 100644
--- a/gluon/gluon-radvd/files/lib/gluon/ebtables/300-radv-input-output
+++ b/gluon/gluon-radvd/files/lib/gluon/ebtables/300-radv-input-output
@@ -1,2 +1,2 @@
-rule INPUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type router-solicitation -i bat0 -j DROP
-rule OUTPUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type router-advertisement -o bat0 -j DROP
+rule 'INPUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type router-solicitation -i bat0 -j DROP'
+rule 'OUTPUT -p IPv6 --ip6-protocol ipv6-icmp --ip6-icmp-type router-advertisement -o bat0 -j DROP'
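Review bot: In 250-next-node, the `@next_node.mac@`, `@next_node.ip4@` and `@next_node.ip6@` placeholders now sit inside single-quoted Lua string literals, and the init script in this same commit concatenates that string into a command run through `os.execute`. If the generator substitutes these values verbatim (the substitution step is not visible here), a value containing a quote, backslash or shell metacharacter would alter the Lua chunk or the executed command instead of merely yielding an invalid ebtables argument. Validating each value as a MAC, IPv4 or IPv6 address at generation time would close that off. A header comment in the template would record the constraint, for example `-- placeholders must expand to plain address literals: they are embedded in Lua strings and passed to a shell`.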