All:

I am running directly off the firewall box. I currently have the following:

    iptables -P OUTPUT ACCEPT

When I change to this:

    iptables -P OUTPUT DROP
    iptables -A OUTPUT -p tcp --destination-port http -j ACCEPT

I keep getting "domainname can not be found. Please check the name and try again" from my browser. This only happens for new web sites (i.e., Yahoo works fine). As this seems somewhat like a DNS issue, I tried adding this:

    iptables -A OUTPUT -p tcp --destination-port nameserver -j ACCEPT

but it didn't work. Any ideas?

Thanks.

Neil Hodge