diff --git a/conf/distro/kineintercom.conf b/conf/distro/kineintercom.conf index 05ed7ee..6831c6f 100644 --- a/conf/distro/kineintercom.conf +++ b/conf/distro/kineintercom.conf @@ -7,9 +7,15 @@ SDK_VENDOR = "-benserv" SDK_VERSION = "${DISTRO_VERSION}" MAINTENER = "vincent.benoit@benserv.fr" -# rpi specific +# Image Rootfs type and size IMAGE_FSTYPES = "tar.bz2 ext4 ext4.xz rpi-sdimg" SDIMG_ROOTFS_TYPE = "ext4.xz" +# define a multiplier that the build system apllies to +# the initial image size (4Go freespace) +#IMAGE_OVERHEAD_FACTOR = "2" +IMAGE_ROOTFS_EXTRA_SPACE = "4194304" + +# rpi specific DISABLE_OVERSCAN = "1" BOOT_DELAY = "0" BOOT_DELAY_MS = "0" diff --git a/recipes-apps/configurateur-frontend/configurateur-frontend.bb b/recipes-apps/configurateur-frontend/configurateur-frontend.bb index 1aa15a4..b3b11ad 100644 --- a/recipes-apps/configurateur-frontend/configurateur-frontend.bb +++ b/recipes-apps/configurateur-frontend/configurateur-frontend.bb @@ -28,5 +28,5 @@ FILES:${PN} = " \ do_install() { install -d ${D}/var/www/app-configurateur cp -a ${WORKDIR}/git/prod/app-configurateur/* ${D}/var/www/app-configurateur - chown -R root:root ${D}/var/www/app-configurateur + chown -R daemon:daemon ${D}/var/www/app-configurateur } diff --git a/recipes-apps/kine-services/files/ttyAMA0.service b/recipes-apps/kine-services/files/ttyAMA0.service new file mode 100644 index 0000000..553da48 --- /dev/null +++ b/recipes-apps/kine-services/files/ttyAMA0.service @@ -0,0 +1,11 @@ +[Unit] +Description=Change owner and group of /dev/ttyAMA0 for KineIntercom +ConditionPathExists=/dev/ttyAMA0 + +[Service] +User=root +Group=root +ExecStart=/bin/sh -c '/bin/chmod g+rw /dev/ttyAMA0' + +[Install] +WantedBy=multi-user.target diff --git a/recipes-connectivity/hostapd/files/hostapd.service b/recipes-connectivity/hostapd/files/hostapd.service new file mode 100644 index 0000000..ce5f8a7 --- /dev/null +++ b/recipes-connectivity/hostapd/files/hostapd.service 
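Review bot: The new `chown -R daemon:daemon ${D}/var/www/app-configurateur` in do_install makes the whole served tree writable by the account it is handed to. If `daemon` is also the account the web server runs as (not visible in this diff), a flaw in the web application can then rewrite the pages and scripts it serves. Keeping the tree `root:root` and giving `daemon` ownership only of the sub-directories the application must write to preserves the integrity of the static content. A comment above the line stating which paths need to be writable, and why, would make the intent reviewable. do_install starts outside the hunk.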
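Review bot: The `Description=` in ttyAMA0.service says the unit changes the owner and group of /dev/ttyAMA0, but `ExecStart` only runs `chmod g+rw`, so access goes to whatever group the node already has, and that group is not stated anywhere in the unit. The unit also has no `Type=oneshot`, and a mode set once at boot is lost if the device node is re-created. A udev rule such as `KERNEL=="ttyAMA0", GROUP="<intended-group>", MODE="0660"` would express this declaratively and without a root shell; if the unit is kept, `ExecStart=/bin/chmod g+rw /dev/ttyAMA0` needs no `/bin/sh -c` wrapper.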
@@ -0,0 +1,11 @@ +[Unit] +Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator +After=network.target + +[Service] +Type=forking +PIDFile=/run/hostapd.pid +ExecStart=/usr/sbin/hostapd /etc/hostapd.conf -P /run/hostapd.pid -B + +[Install] +WantedBy=multi-user.target diff --git a/recipes-connectivity/hostapd/hostapd_%.bbappend b/recipes-connectivity/hostapd/hostapd_%.bbappend index b1bc2e2..ee4b0aa 100644 --- a/recipes-connectivity/hostapd/hostapd_%.bbappend +++ b/recipes-connectivity/hostapd/hostapd_%.bbappend @@ -2,12 +2,14 @@ # Release under the MIT license (see COPYING.MIT for the terms) FILESEXTRAPATHS:prepend := "${THISDIR}/files:" -SRC_URI += "file://hostapd.conf" +SRC_URI += " \ + file://hostapd.conf \ + " inherit systemd -SYSTEMD_AUTO_ENABLE = "enable" -SYSTEMD_SERVICE:${PN} = "hostapd.service" +SYSTEMD_AUTO_ENABLE:${PN} = "enable" do_install:append() { + install -d ${D}${sysconfdir}/ install -m 0644 ${WORKDIR}/hostapd.conf ${D}${sysconfdir}/ } diff --git a/recipes-devtools/python/python3-tzdata_2022.7.bb b/recipes-devtools/python/python3-tzdata_2022.4.bb similarity index 80% rename from recipes-devtools/python/python3-tzdata_2022.7.bb rename to recipes-devtools/python/python3-tzdata_2022.4.bb index dd7bce4..4411918 100644 --- a/recipes-devtools/python/python3-tzdata_2022.7.bb +++ b/recipes-devtools/python/python3-tzdata_2022.4.bb @@ -9,4 +9,4 @@ inherit pypi python_setuptools_build_meta PYPI_PACKAGE = "tzdata" -SRC_URI[sha256sum] = "fe5f866eddd8b96e9fcba978f8e503c909b19ea7efda11e52e39494bad3a7bfa" +SRC_URI[sha256sum] = "ada9133fbd561e6ec3d1674d3fba50251636e918aa97bd59d63735bef5a513bb" diff --git a/recipes-devtools/python/python3-werkzeug_2.2.2.bb b/recipes-devtools/python/python3-werkzeug_2.2.2.bb new file mode 100644 index 0000000..3dac9aa --- /dev/null +++ b/recipes-devtools/python/python3-werkzeug_2.2.2.bb 
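Review bot: The `[Service]` section of hostapd.service starts hostapd as root with no privilege restriction, although this daemon parses frames from any station in radio range. Consider bounding it with `NoNewPrivileges=yes`, `ProtectHome=yes` and `CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_RAW`, after checking on the target that the access point still comes up. `After=network.target` does not guarantee that the wireless interface exists when the unit starts, so `Restart=on-failure` would also make start-up more robust.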
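Review bot: In the hostapd bbappend, `install -m 0644 ${WORKDIR}/hostapd.conf ${D}${sysconfdir}/` leaves the access-point configuration world-readable. hostapd.conf is not shown here, but if it carries `wpa_passphrase` or another secret, any local account can read the Wi-Fi key, and `-m 0600` would be the safer mode. The new files/hostapd.service is not listed in this `SRC_URI`, so it only takes effect if the base recipe already fetches a file of that name and the `FILESEXTRAPATHS` prepend shadows it; a one-line comment saying so would help. Dropping `SYSTEMD_SERVICE:${PN}` likewise relies on the base recipe setting it.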
@@ -0,0 +1,39 @@
+SUMMARY = "The Swiss Army knife of Python web development"
+DESCRIPTION = "\
+Werkzeug started as simple collection of various utilities for WSGI \
+applications and has become one of the most advanced WSGI utility modules. \
+It includes a powerful debugger, full featured request and response objects, \
+HTTP utilities to handle entity tags, cache control headers, HTTP dates, \
+cookie handling, file uploads, a powerful URL routing system and a bunch \
+of community contributed addon modules."
+HOMEPAGE = "http://werkzeug.pocoo.org/"
+LICENSE = "BSD-3-Clause"
+LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462"
+
+PYPI_PACKAGE = "Werkzeug"
+
+SRC_URI[sha256sum] = "7ea2d48322cc7c0f8b3a215ed73eabd7b5d75d0b50e31ab006286ccff9e00b8f"
+
+inherit pypi setuptools3
+
+CLEANBROKEN = "1"
+
+RDEPENDS:${PN} += " \
+ ${PYTHON_PN}-datetime \
+ ${PYTHON_PN}-difflib \
+ ${PYTHON_PN}-email \
+ ${PYTHON_PN}-html \
+ ${PYTHON_PN}-io \
+ ${PYTHON_PN}-json \
+ ${PYTHON_PN}-logging \
+ ${PYTHON_PN}-netclient \
+ ${PYTHON_PN}-netserver \
+ ${PYTHON_PN}-numbers \
+ ${PYTHON_PN}-pkgutil \
+ ${PYTHON_PN}-pprint \
+ ${PYTHON_PN}-simplejson \
+ ${PYTHON_PN}-threading \
+ ${PYTHON_PN}-unixadmin \
+ ${PYTHON_PN}-misc \
+ ${PYTHON_PN}-profile \
+"
diff --git a/recipes-extended/iptables/files/iptables.rules b/recipes-extended/iptables/files/iptables.rules
new file mode 100644
index 0000000..8dcf889
--- /dev/null
+++ b/recipes-extended/iptables/files/iptables.rules
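Review bot: The Werkzeug recipe pins 2.2.2 and nothing records how security updates will be followed; this is a network-facing library, so check the upstream advisories for the 2.2 series before shipping and move to the latest patch release if it fixes issues that affect the application. Upstream 2.2 appears to require MarkupSafe at runtime, which is missing from `RDEPENDS:${PN}`; confirm and add `${PYTHON_PN}-markupsafe` if so. `HOMEPAGE` uses a plain-http URL on the old project domain and could point at the current https site. The description advertises the interactive debugger, which must stay disabled in the deployed image; a comment in the recipe or in the application's start-up configuration should say so.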
@@ -0,0 +1,46 @@
+*filter
+########### Regles iptables ###########
+# Flush des regles
+-F INPUT
+-F FORWARD
+-F OUTPUT
+
+# Policies par defaut
+-P INPUT DROP
+-P FORWARD DROP
+-P OUTPUT DROP
+
+# On accepte le loopback
+-A INPUT -i lo -j ACCEPT
+-A OUTPUT -o lo -j ACCEPT
+
+# On accepte le ping entrant et sortant
+-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
+-A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
+-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
+-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
+
+### http
+-A INPUT -i wlan0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A OUTPUT -o wlan0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
+
+### ssh
+-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
+-A OUTPUT -o eth0 -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
+
+### bootp client (hostapd)
+-A INPUT -i wlan0 -p udp --sport 68 -j ACCEPT
+-A OUTPUT -o wlan0 -p udp --dport 68 -j ACCEPT
+
+# Log des trames droppees
+-N LOGGING
+-A INPUT -i eth0 -j LOGGING
+-A OUTPUT -o eth0 -j LOGGING
+-A INPUT -i wlan0 -j LOGGING
+-A OUTPUT -o wlan0 -j LOGGING
+-A LOGGING -m limit --limit 20/min -j LOG --log-prefix "DROP:" --log-level 4
+-A LOGGING -j DROP
+
+COMMIT
+
+# vim: filetype=sh
diff --git a/recipes-extended/iptables/iptables_%.bbappend b/recipes-extended/iptables/iptables_%.bbappend
new file mode 100644
index 0000000..fd798df
--- /dev/null
+++ b/recipes-extended/iptables/iptables_%.bbappend
@@ -0,0 +1,12 @@
+# Copyright (C) 2022 Vincent BENOIT
+# Release under the MIT license (see COPYING.MIT for the terms)
+FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
+
+SRC_URI += "file://iptables.rules"
+
+FILES:{PN} += "${sysconfdir}/iptables/iptables.rules"
+
+do_install:append() {
+ install -d ${D}${sysconfdir}/iptables/
+ install -m 0644 ${WORKDIR}/iptables.rules ${D}${sysconfdir}/iptables/
+}
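Review bot: The two "bootp" rules in iptables.rules match on one port only: `-A INPUT -i wlan0 -p udp --sport 68 -j ACCEPT` accepts UDP to every local port from any Wi-Fi client that picks source port 68, which sidesteps the default-drop policy for all UDP services on the device. Match both ends of the DHCP exchange instead: `-A INPUT -i wlan0 -p udp --sport 68 --dport 67 -j ACCEPT` and `-A OUTPUT -o wlan0 -p udp --sport 67 --dport 68 -j ACCEPT`. The file covers IPv4 only; unless IPv6 is disabled elsewhere, an equivalent ip6tables ruleset is needed to keep the same default-drop posture.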
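Review bot: `FILES:{PN} += "${sysconfdir}/iptables/iptables.rules"` in the iptables bbappend is missing the `$`, so it sets an override literally named `{PN}` that never applies; it should read `FILES:${PN} += "${sysconfdir}/iptables/iptables.rules"`. Packaging probably still works because `${sysconfdir}` is in the default `FILES:${PN}`, which is why the typo goes unnoticed. Nothing in this hunk loads the ruleset at boot, so confirm that the base recipe's service restores /etc/iptables/iptables.rules and is enabled; otherwise the device boots with no filtering.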
diff --git a/recipes-extended/procps/files/ip-forward.conf b/recipes-extended/procps/files/ip-forward.conf index bbd9f28..8835372 100644 --- a/recipes-extended/procps/files/ip-forward.conf +++ b/recipes-extended/procps/files/ip-forward.conf @@ -65,3 +65,4 @@ net/ipv4/ip_forward=1 # See https://www.kernel.org/doc/Documentation/sysctl/fs.txt #fs.protected_hardlinks = 1 #fs.protected_symlinks = 1 +kernel.printk="2 4 1 7" diff --git a/recipes-httpd/apache2/files/httpd.conf b/recipes-httpd/apache2/files/httpd.conf index bfb7ea9..552aad6 100644 --- a/recipes-httpd/apache2/files/httpd.conf +++ b/recipes-httpd/apache2/files/httpd.conf @@ -108,16 +108,6 @@ ServerAdmin vincent.benoit@benserv.fr # ServerName localhost:80 -# -# Deny access to the entirety of your server's filesystem. You must -# explicitly permit access to web content directories in other -# blocks below. -# - - AllowOverride none - Require all denied - - # # Note that from this point forward you must specifically allow # particular features to be enabled - so if something's not working as @@ -270,7 +260,7 @@ LogLevel info #Include /etc/apache2/extra/httpd-info.conf # Virtual hosts -Include /etc/apache2/extra/httpd-vhosts.conf +#Include /etc/apache2/extra/httpd-vhosts.conf # Local access to the Apache HTTP Server Manual #Include /etc/apache2/extra/httpd-manual.conf @@ -293,10 +283,10 @@ Include /etc/apache2/extra/proxy-html.conf # starting without SSL on platforms with no /dev/random equivalent # but a statically compiled-in mod_ssl. # - -SSLRandomSeed startup builtin -SSLRandomSeed connect builtin - +# +#SSLRandomSeed startup builtin +#SSLRandomSeed connect builtin +# #IncludeOptional /etc/apache2/conf.d/*.conf
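Review bot: `kernel.printk="2 4 1 7"` in ip-forward.conf puts the value in double quotes; sysctl.d files have no quoting syntax as far as I know, so the quotes are likely to be written to the kernel as part of the value and rejected, and `kernel.printk = 2 4 1 7` is the usual form. Lowering the console log level to 2 also keeps the firewall's `DROP:` messages (logged at level 4) off the console, so a comment stating that this is intended and that the messages remain in the kernel log would help. The setting is unrelated to IP forwarding and would be easier to find in its own sysctl.d file. The hunk shows only the end of the file.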
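Review bot: The first httpd.conf hunk removes the root-directory default deny (`AllowOverride none` / `Require all denied`), so the visible configuration keeps no baseline rule that stops Apache from serving a path outside the document root if one becomes reachable through an alias, a symlink or a later config change. Keep the block, `<Directory />` with `Require all denied`, and grant access explicitly on the application directory (/var/www/app-configurateur in this layer's frontend recipe) in its own `<Directory>` block. The later hunks comment out the vhosts include and the SSLRandomSeed lines, which suggests the configurator is served over plain HTTP only; if it handles credentials, that choice deserves a comment or a TLS listener.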