Forward rules

Hello !!!

I'm building my FORWARD table rules, and I want to implement this: "Drop all
FORWARD packets by default and then accept only packets coming from LAN
(192.168.0.0/24) with the related and established condition and leaving my
external interface ($INET_IFACE)".

Is the following ruleset in line with what I want, or can I change the order?

$IPTABLES -P FORWARD DROP
$IPTABLES -A FORWARD -s 192.168.0.0/24 -o $INET_IFACE -j ACCEPT
$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

I suppose with this implementation I'm discarding packet forwarding coming
from 127.0.0.0/24, 10.0.0.0/8 and 172.16.0.0/12 (because my default policy
is DROP by default)... is it OK?

Thousands of thanks :)

Alejandro
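
Added example, not part of the original post: a small Python model of first-match evaluation for the FORWARD chain above, run over constructed packets to show which ones the two ACCEPT rules and the DROP policy let through, and whether swapping the two rules changes any verdict. The interface names (eth0 for $INET_IFACE, eth1 for the LAN side) and the sample addresses are assumptions; the model only covers source, outgoing interface and conntrack state.

```python
import ipaddress
from itertools import permutations

LAN = ipaddress.ip_network("192.168.0.0/24")
INET_IFACE = "eth0"  # assumption: stands in for $INET_IFACE

# The two -A FORWARD rules from the post as (label, match) pairs; both jump to ACCEPT.
RULES = [
    ("lan-out", lambda p: ipaddress.ip_address(p["src"]) in LAN
                          and p["out"] == INET_IFACE),
    ("state", lambda p: p["state"] in ("ESTABLISHED", "RELATED")),
]

def verdict(packet, rules, policy="DROP"):
    """Return ACCEPT on the first matching rule, else the chain policy."""
    for _label, match in rules:
        if match(packet):
            return "ACCEPT"
    return policy

# Constructed sample packets: source address, outgoing interface, conntrack state.
PACKETS = {
    "lan_new_to_inet":     {"src": "192.168.0.10", "out": "eth0", "state": "NEW"},
    "inet_reply_to_lan":   {"src": "203.0.113.5",  "out": "eth1", "state": "ESTABLISHED"},
    "inet_new_to_lan":     {"src": "203.0.113.5",  "out": "eth1", "state": "NEW"},
    "ten_net_new_to_inet": {"src": "10.1.2.3",     "out": "eth0", "state": "NEW"},
    # The state rule has no source or interface condition, so it matches this one.
    "ten_net_established": {"src": "10.1.2.3",     "out": "eth1", "state": "ESTABLISHED"},
}

def evaluate(rules):
    """Map each sample packet name to its verdict under the given rule order."""
    return {name: verdict(pkt, rules) for name, pkt in PACKETS.items()}

def order_independent():
    """True if every ordering of RULES gives the same verdict for every packet."""
    results = [evaluate(list(order)) for order in permutations(RULES)]
    return all(r == results[0] for r in results)

if __name__ == "__main__":
    for name, result in evaluate(RULES).items():
        print(f"{name:22} {result}")
    print("same verdicts in either order:", order_independent())
```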


