For information about ipchains/iptables see www.netfilter.org The best up to date description of bridging I've seen is at ebtables.sourceforge.net, lots of nice diagrams showing the interaction of the bridge-nf code, ebtables and iptables - see doc ebtables/iptables interaction on Linux based bridge. This should help clarify what order things occur in. Most of this code comes in the 2.5 kernel source tree, though patches are available for 2.4. Hope that this helps Andrew [Original message] I'm using a linux bridge with ipchains (will be setting up some shaping in the near future), and looking for any current doc on specifics of ipchains filtering on a bridge (e.g., input and output chains become a bit of a paradox). At the moment, I'm looking for ways to defeat Microsoft popup spammers from www.byebyeads.com (they want the end user to pay them an extortion fee to stop sending popups that crash some windows apps). I already had ports 137 through 139 blocked to all tcp/udp, and recently added 135, but there also seem to be some broadcast methods of getting in, plus NetBEUI or variants, which will require more interesting ipchains rules. Thus, I'm especially interested in getting more info on how (using a linux bridge) I can stop various forms of broadcast attacks (which I am very unclear on the nature of). D. Stimits, stimits AT attbi DOT com