> I have a Linux box used as NAT server and firewall. All > requests on its port 80 are forwarded to a local webserver > inside my network. I want to block access to all services > including http from a specific external host. Carlos, You almost answered your own question. "All requests on its port 80 are forwarded". So the rule to block a specific IP needs to be in the FORWARD chain, not the INPUT chain. Regards, Brad
