Hi All ! i block redirects by sysctl , how i know /sbin/sysctl -w net.ipv4.conf.all.send_redirects=0 /sbin/sysctl -w net.ipv4.conf.all.accept_redirects=0 /sbin/sysctl -w net.ipv4.conf.all.accept_source_route=0 /sbin/sysctl -w net.ipv4.conf.all.mc_forwarding=0 but this is not best , because : 1. block redirects adressed to firewall only ( forget NAT , for sample ) , but redirects to subnet can pass. 2. i haven't info about redirects attempts to extend blackhole list. question: can iptables detect redirects ? and how ? Best regards vica.