> Could the way i am restarting it cause it to refuse to honor > new rules w/o rebooting? <snip> > > [root@xxxxxxxxx root]# /etc/sysconfig/iptables condrestart > > iptables: Chain already exists > > iptables: Chain already exists > > iptables: Chain already exists > > iptables: Chain already exists > > iptables: Chain already exists Yes. If the script doesn't delete the user-defined chains first and then tries to create new ones with the same name you get this error. Rob
